H3C Technologies H3C SecPath F1000-E User Manual

d. Click the expansion button before Advanced Configuration to display the advanced configuration items.
e. In the advanced configuration area, click the Enable CRL Checking box, and enter ldap://2.1.1.102 as the URL for CRLs.
f. Click Apply.
   The system displays "Fingerprint of the root certificate not specified. No root certificate validation will occur. Continue?"
g. Click OK to confirm.

3. Generate an RSA key pair:
a. From the navigation tree, select VPN > Certificate Management > Certificate.
b. Click Create Key.
c. Enter 1024 as the key length.
d. Click Apply to generate an RSA key pair.

4. Retrieve the CA certificate:
a. From the navigation tree, select VPN > Certificate Management > Certificate.
b. Click Retrieve Cert.
c. Select 1 for the PKI domain, select CA for the certificate type, and click Apply.

5. Request a local certificate:
a. From the navigation tree, select VPN > Certificate Management > Certificate and then click Request Cert.
b. Select 1 for the PKI domain.
c. Click Apply. When the system displays "Certificate request has been submitted", click OK to confirm.

6. Retrieve the CRL:
a. After retrieving a local certificate, select VPN > Certificate Management > CRL from the navigation tree.
b. Click Retrieve CRL corresponding to PKI domain 1.

7. Configure IKE proposal 1, using RSA signature for identity authentication:
a. From the navigation tree, select VPN > IKE > Proposal.
b. Click Add.
c. Enter 1 as the IKE proposal number, select RSA Signature as the authentication method, and click Apply.

8. Configure an IKE peer and reference the configuration of the PKI domain for the IKE peer:
a. From the navigation tree, select VPN > IKE > Peer.
b. Click Add.
c. Enter peer as the peer name, select PKI Domain, select the PKI domain 1, and click Apply.

The preceding configuration procedure covers only the configurations for IKE negotiation using RSA digital signature. For an IPsec tunnel to be established, you also need to perform IPsec configurations. For information about IPsec configuration, see "Configuring IPsec."
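
Because step f accepts the PKI domain without a root certificate fingerprint, the device does not validate the CA certificate it retrieves in step 4. The following added example (not part of the H3C manual) shows one way to check an exported CA certificate against a fingerprint obtained from the CA administrator out of band; the function names, the SHA-1 default and the constructed sample bytes are assumptions.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: NOT a real certificate. These bytes stand in for a DER
# encoding so the example runs offline; use the CA's real PEM file in practice.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in pem_text."""
    blocks = _PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def fingerprint(der, algorithm="sha1"):
    """A certificate fingerprint is the digest of its complete DER encoding."""
    return hashlib.new(algorithm, der).hexdigest()

def normalize(fp_text):
    """Accept 'AB:CD', 'ab cd' or 'ABCD' styles; reject anything non-hex."""
    cleaned = re.sub(r"[\s:\-]", "", fp_text).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned

def root_cert_matches(pem_text, published_fp, algorithm="sha1"):
    """True only if the retrieved CA cert hashes to the published fingerprint."""
    expected = normalize(published_fp)
    if len(expected) != hashlib.new(algorithm).digest_size * 2:
        raise ValueError("fingerprint length does not fit " + algorithm)
    actual = fingerprint(pem_to_der(pem_text), algorithm)
    return hmac.compare_digest(actual, expected)
```

Pass the digest algorithm that the CA administrator used when publishing the fingerprint; a mismatch means the retrieved CA certificate should not be trusted for IKE authentication.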