Procedure – HP Traffic Director sa7220 User Manual

A P P E N D I X B

Obtaining Keys and Certificates

257

Obtaining a
Certificate
from Verisign
or another CA

Use the policy manager

key create

command to create your key

and the

key signrequest create

command to create a signing

request to be sent to Verisign or another CA for authentication. The
CA will return the certificate, but there may be a delay of 1-5 days.

This method is used when certificate authentication is desired. The
fields input as part of creating a signing request are called a
Distinguished Name (DN).

Procedure

NOTE: Be sure to save
your configuration after
creating a key. If the
configuration is not
saved, and a power
outage or factory_reset
occurs, the unsaved key
will be lost, rendering the
certificate invalid. Also,
for optimal security, one
or more fields must be
modified to make the DN
unique.4

1. To create a key, type the following command:

HP SA8220#c

onfig policygroup service

key create [512 | 1024]

2. To create the signing request, type the following command:

HP SA8220#

config policygroup service

key signrequest create [DN

parameters]

Where the optional DN parameters are shown below.

3. Use the policy manager

key signrequest export

command to paste or ftp the signing request to another system
and submit it to the CA.

4. When returned by the CA, import the certificate into the SA8220.

Element

Description

life

The number of days that the certificate remains
valid. The default is 30 days.

name

The common (server) name

email

Your email address

state

Your state or province

organization

Your company name

unit

Your organizational section

locality

Your town or city