H3c-technologies H3C WX6000 Series Access Controllers Uživatelský manuál Strana 656
- Strana / 678
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
68-9
Retrieving a Certificate Manually
You can download an existing CA certificate or local certificate from the CA server and save it locally. To
do so, you can use two ways: online and offline. In offline mode, you need to retrieve a certificate by an
out-of-band means like FTP, disk, e-mail and then import it into the local PKI system.
Certificate retrieval serves two purposes:
z Locally store the certificates associated with the local security domain for improved query efficiency
and reduced query count;
z Prepare for certificate validation.
Before retrieving a local certificate, be sure to complete LDAP server configuration.
Follow these steps to retrieve a certificate manually:
To do… Use the command… Remarks
Enter system view
system-view
—
Online
pki retrieval-certificate
{
ca
|
local
}
domain
domain-name
Retrieve a
certificate
manually
Offline
pki import-certificate
{
ca
|
local
}
domain
domain-name {
der
|
p12
|
pem
} [
filename
filename ]
Required
Use either command
z If a PKI domain has already a CA certificate, you cannot retrieve another CA certificate for it. This is
in order to avoid inconsistency between the certificate and enrollment information due to related
configuration changes. To retrieve a new CA certificate, use the pki delete-certificate command
to delete the existing CA certificate and local certificate first.
z The pki retrieval-certificate configuration will not be saved in the configuration file.
Configuring PKI Certificate Validation
A certificate needs to be validated before being used. Validating a certificate is to check that the
certificate is signed by the CA and that the certificate has neither expired nor been revoked.
Before validating a certificate, you need to retrieve the CA certificate.
You can specify whether CRL checking is required in certificate validation. If you enable CRL checking,
CRLs will be used in validation of a certificate.
Configuring CRL-checking-enabled PKI certificate validation
Follow these steps to configure CRL-checking-enabled PKI certificate validation:
To do… Use the command… Remarks
Enter system view
system-view
—
Enter PKI domain view
pki domain
domain-name —
Specify the URL of the CRL
distribution point
crl url
url-string
Optional
No CRL distribution point URL is
specified by default.
- Interface Board 1
- Configuration Guide 1
- All Rights Reserved 2
- Trademarks 2
- Preface 3
- Conventions 4
- Obtaining Documentation 5
- Documentation Feedback 5
- Table of Contents 6
- OAP Board Overview 29
- 2 Logging In Through Telnet 31
- Common Configuration 32
- Table 2-4 34
- [H3C-ui-vty0] idle-timeout 6 43
- <H3C> system-view 43
- Management System 46
- 4 Logging In from an NMS 48
- Packets 49
- 6 Controlling Login Users 51
- 7 VLAN Configuration 56
- VLAN Fundamental 57
- VLAN Classification 58
- Port link type 60
- Default VLAN 61
- VLAN Configuration Example 66
- Verification 67
- 8 Voice VLAN Configuration 69
- Voice VLAN Modes on a Port 70
- Configuring Voice VLAN 71
- 9 GVRP Configuration 78
- Operating mechanism of GARP 79
- GARP message format 79
- GVRP Configuration Task List 81
- Configuring GVRP 82
- GVRP Configuration Examples 83
- IP Addressing Configuration 88
- Special Case IP Addresses 89
- Subnetting and Masking 89
- Configuring IP Addresses 90
- 172.16.2.0/24 93
- IP Performance Configuration 94
- Configuring TCP Attributes 96
- 12 QinQ Configuration 100
- Implementations of QinQ 101
- Configuring Basic QinQ 103
- Configuring Selective QinQ 103
- QinQ Configuration Example 104
- Network diagram 105
- Configuration procedure 105
- BPDU Tunneling Configuration 108
- Configuring BPDU Isolation 109
- Network requirements 111
- Ethernet Port Configuration 114
- Combo Port Configuration 115
- Configuring Combo port state 116
- Configuring a Port Group 117
- Port Isolation Configuration 124
- Displaying Isolation Groups 125
- Uplink port support: No 126
- Group ID: 1 126
- Link Aggregation Overview 127
- Manual Link Aggregation 128
- Static LACP link aggregation 129
- Aggregation Port Group 131
- Configuring Link Aggregation 132
- Group Can Learn 138
- Port Security Configuration 140
- Port Security Modes 141
- Enabling Port Security 143
- Enabling the autoLearn Mode 145
- Configuring NTK 146
- Configuring Trapping 147
- Configuration Prerequisites 148
- Configuration Procedure 148
- Symptom 157
- Analysis 157
- Solution 157
- 20 MSTP Configuration 159
- Basic concepts in STP 160
- Path cost 161
- How STP works 161
- Figure 20-3 165
- Introduction to MSTP 167
- Basic concepts in MSTP 168
- Protocols and Standards 172
- Configuration Task List 173
- Configuring the Root Bridge 174
- Configuration example 175
- Configuring Timers of MSTP 179
- Enabling the MSTP Feature 185
- Configuring Leaf Nodes 186
- Configuring Port Priority 188
- Performing mCheck 190
- Configuring Digest Snooping 191
- Configuration Example 192
- Prerequisites 194
- Enabling Root Guard 196
- Enabling Loop Guard 197
- MSTP Configuration Example 199
- 21 IP Routing Overview 203
- Routing Protocol Overview 205
- Route backup 206
- Route Recursion 207
- 22 GR Overview 209
- Static Routing Configuration 213
- Configuring a Static Route 214
- 24 RIP Configuration 219
- Operation of RIP 220
- RIP Version 221
- RIP Message Format 221
- RIPv2 message format 222
- RIPv2 authentication 222
- Supported RIP Features 223
- Configuring a RIP version 224
- Advertising a summary route 226
- Advertising a Default Route 227
- Configuring RIP Timers 229
- Enabling poison reverse 230
- Specifying a RIP Neighbor 231
- RIP Configuration Examples 232
- Troubleshooting RIP 234
- 25 OSPF Configuration 235
- Basic Concepts 236
- LSA types 237
- Neighbor and Adjacency 237
- Area partition 238
- Classification of Routers 238
- (Totally) Stub area 240
- NSSA area 240
- Route summarization 241
- Route types 241
- OSPF network types 242
- DR and BDR 243
- OSPF Packet Formats 244
- OSPF packet header 244
- Hello packet 245
- DD packet 245
- LSR packet 246
- LSU packet 247
- LSAck packet 247
- LSA header format 248
- Formats of LSAs 249
- Supported OSPF Features 252
- OSPF Configuration Task List 253
- Configuring Stub Routers 264
- OSPF Configuration Examples 270
- # Configure Switch B 271
- # Configure Switch C 271
- 3) Verify the configuration 271
- Processing steps 285
- IP Source Guard Overview 287
- Displaying IP Source Guard 288
- Troubleshooting 292
- 27 DLDP Configuration 293
- Device A 294
- Device B 294
- DLDP Fundamentals 295
- DLDP mode 296
- DLDP authentication mode 297
- DLDP implementation 298
- DLDP neighbor state 299
- Enabling DLDP 300
- Setting DLDP Mode 301
- Setting the DelayDown Timer 302
- Resetting DLDP State 303
- DLDP Configuration Example 304
- 28 Multicast Overview 307
- Broadcast 308
- Multicast 309
- Roles in Multicast 310
- Multicast Models 311
- Multicast Architecture 312
- IPv6 Multicast Addresses 314
- Multicast Protocols 316
- Layer 2 multicast protocols 317
- IGMP Snooping Configuration 319
- IGMP Snooping related ports 320
- Enabling IGMP Snooping 324
- Configuring Static Ports 326
- Multicast VLAN Configuration 344
- 31 LLDP Configuration 348
- TLV Types 349
- Enabling LLDP 352
- Setting LLDP Operating Mode 352
- Configuring LLDPDU TLVs 352
- Enable LLDP Polling 354
- Configuring LLDP Trap 355
- LLDP Configuration Example 356
- 32 sFlow Configuration 359
- Configuring sFlow 360
- Displaying sFlow 360
- 33 ARP Configuration 363
- ARP Message Format 364
- ARP Mapping Table 365
- Configuring ARP 366
- Enabling the ARP Entry Check 367
- ARP Configuration Example 367
- Configuring Gratuitous ARP 368
- 34 Proxy ARP Configuration 370
- 35 DHCP Overview 374
- DHCP Address Allocation 375
- DHCP Message Format 376
- DHCP Options 377
- Introduction to DHCP Options 378
- Self-Defined Options 378
- Option 184 379
- Application Environment 381
- Fundamentals 381
- IP network 382
- DHCP Client Configuration 391
- DHCP Snooping Configuration 394
- BOOTP Client Configuration 400
- Through BOOTP 401
- Network requirement 402
- 40 ACL Overview 403
- Introduction to IPv4 ACL 404
- IPv4 ACL Match Order 405
- Introduction to IPv6 ACL 406
- IPv6 ACL Classification 407
- IPv6 ACL Naming 407
- IPv6 ACL Match Order 407
- IPv6 ACL Step 408
- 41 IPv4 ACL Configuration 409
- Configuring a Basic IPv4 ACL 410
- Configuration Examples 411
- Copying an IPv4 ACL 415
- Network Diagram 416
- 42 IPv6 ACL Configuration 418
- Copying an IPv6 ACL 421
- Network Requirements 422
- 43 QoS Overview 424
- Occurrence of Congestion 425
- Influence of Congestion 425
- Countermeasures 426
- Rate Configuration 428
- Token Bucket 432
- Complicated Evaluation 432
- Traffic Policing 433
- Line Rate 433
- Line Rate Configuration 434
- 45 QoS Policy Configuration 435
- Defining a Class 436
- Defining a Traffic Behavior 437
- Defining a Policy 439
- Applying a Policy 439
- 46 Congestion Management 441
- Configuring an SP Queue 444
- Configuring a WRR Queue 444
- Configuring SP+WRR Queues 445
- 47 Priority Mapping 447
- Overview 452
- Port Mirroring Configuration 457
- Implementing Port Mirroring 458
- Displaying Port Mirroring 462
- 51 UDP Helper Configuration 466
- 52 SNMP Configuration 469
- SNMP Protocol Version 470
- MIB Overview 470
- SNMP Configuration 471
- Configuring SNMP Logging 473
- Trap Configuration 474
- SNMP Configuration Example 476
- 53 RMON Configuration 480
- RMON Groups 481
- Configuring RMON 482
- RMON Configuration Example 484
- 54 NTP Configuration 486
- How NTP Works 487
- NTP Message Format 488
- Operation Modes of NTP 490
- Broadcast mode 491
- Multicast mode 491
- NTP Configuration Task list 492
- NTP Configuration Examples 500
- delay disper 506
- Root delay: 40.00 ms 506
- AC B and AC A 510
- 55 DNS Configuration 511
- DNS suffixes 512
- Configuring the DNS Client 513
- Configuring the DNS Proxy 514
- DNS Configuration Examples 515
- File System Management 521
- Directory Operations 522
- File Operations 522
- Storage Device Operations 523
- Memory space management 524
- Configuration File Overview 525
- Format of configuration file 526
- 57 FTP Configuration 530
- Configuring the FTP Client 531
- Configuring the FTP Server 535
- <Sysname> reboot 538
- 58 TFTP Configuration 539
- Configuring the TFTP Client 540
- Information Center Overview 543
- System Information Format 546
- 60 Basic Configurations 559
- Configuring the Device Name 560
- Configuring the System Clock 560
- Configuring a Banner 562
- Configuring CLI Hotkeys 563
- CLI Features 567
- Edit Features 569
- CLI Display 569
- Display functions 570
- Saving History Commands 571
- The ping command 572
- The tracert command 572
- System Maintaining 574
- System Debugging 574
- System Maintaining Example 575
- 62 Device Management 576
- Upgrading Boot ROM 578
- 63 NQA Configuration 580
- Basic Concepts of NQA 582
- NQA Configuration Task List 583
- Configuring the NQA Server 583
- Enabling the NQA Client 584
- Creating an NQA Test Group 584
- Configuring the DHCP Test 586
- Configuring the FTP Test 586
- Configuring the HTTP Test 587
- Configuration prerequisites 589
- Configuring the SNMP Test 590
- Configuring the TCP Test 591
- Configuring the DLSw Test 593
- Configuring Trap Delivery 595
- Scheduling an NQA Test Group 596
- NQA Configuration Examples 597
- 64 SSH Configuration 606
- Asymmetric Key Algorithm 607
- SSH Operating Process 607
- Version negotiation 608
- Authentication 608
- Session request 609
- Interactive session 609
- Enabling SSH Server 610
- Configuring RSA and DSA Keys 611
- Configuring an SSH User 613
- 65 SFTP Service 629
- Configuring an SFTP Client 630
- Working with SFTP Files 632
- Displaying Help Information 632
- SFTP Configuration Example 633
- 66 SSL Configuration 637
- SSL Configuration Task List 638
- Troubleshooting SSL 642
- 67 HTTPS Configuration 643
- Enabling the HTTPS Service 644
- Control Policy 645
- HTTPS Configuration Example 646
- 68 PKI Configuration 648
- Architecture of PKI 649
- Applications of PKI 650
- Operation of PKI 650
- PKI Configuration Task List 651
- Configuring an Entity DN 651
- Configuring a PKI Domain 652
- Deleting a Certificate 658
- PKI Configuration Examples 659
- Networking diagram 663
- Troubleshooting PKI 664
- Failed to Retrieve CRLs 665
- 69 Track Configuration 666
- Detection Modules 667
- Application Modules 668
- Track Configuration Example 669
- 70 Index 672
Související produkty a manuály pro Směrovače H3c-technologies H3C WX6000 Series Access Controllers
(19 stránky)© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.055 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce