H3C Technologies H3C SecBlade LB Cards User Manual

Importing a public key from a public key file ... 105

Configuring PKI ... 108

Overview ... 108

PKI terms ... 108

PKI architecture ... 109

PKI operation ... 110

PKI applications ... 110

Configuring PKI in the Web interface ... 110

Recommended configuration procedure ... 110

Creating a PKI entity ... 113

Creating a PKI domain ... 114

Generating an RSA key pair ... 117

Requesting a local certificate ... 118

Destroying the RSA key pair ... 118

Retrieving and displaying a certificate ... 119

Retrieving and displaying a CRL ... 120

PKI configuration examples ... 121

Configuring PKI in the CLI ... 131

PKI configuration task list ... 131

Configuring an entity DN ... 131

Configuring a PKI domain ... 132

Submitting a PKI certificate request ... 133

Retrieving a certificate manually ... 135

Verifying PKI certificates ... 136

Destroying the local RSA key pair ... 137

Deleting a certificate ... 137

Configuring an access control policy ... 137

Displaying and maintaining PKI ... 138

PKI configuration examples ... 138

Troubleshooting PKI ... 146

Failed to retrieve a CA certificate ... 146

Failed to request a local certificate ... 146

Failed to retrieve CRLs ... 147

Configuration guidelines ... 147

Configuring SSL ... 149

Overview ... 149

SSL security mechanism ... 149

SSL protocol stack ... 150

Configuration task list ... 150

Configuring an SSL server policy ... 150

SSL server policy configuration example ... 152

Configuring an SSL client policy ... 153

Displaying and maintaining SSL ... 154

Troubleshooting SSL ... 154

Configuring SSH ... 156

Overview ... 156

How SSH works ... 156

SSH authentication ... 157

SSH support for VPNs ... 158

Configuring the device as an SSH server ... 158

SSH server configuration task list ... 159

Generating local RSA key pairs ... 159

Enabling the SSH server function ... 159