Certificate Manager enables Public Key Infrastructure (PKI) capability on the switch providing authentication of network entities. This feature enables configuration and management of digital certificates on HP Networking switches, a key component of establishing digital identity in PKI.
Each entity in the PKI has their identity validated by a CA/RA. The CA issues a digital certificate as part of enrolling each entity into the PKI. This digital certificate is used by replying parties (e.g., network connection peers) to set up secure communication. Based on the information present in the certificate of the sender, the receiving entity can validate the authenticity of the sender and subsequently establish a secure communication channel.
The certificate manager CLI provides configuration support for integrating the switch into a customer’s PKI.
The profile defines required Anchor Trust for several certificate-specific operations, such as certificate enrollment and certificate validations. A trust anchor may be a Root CA certificate or an Intermediate CA certificate. The following command creates a trust anchor profile.
Syntax:
Definitions:
When permitted by the existing configuration, the Web UI creates a “default” Trust Anchor profile (the profile name is “default”) when a TA certificate is installed. The Web UI may only manage the TA certificate installed against the“default” profile—no other certificates are visible or installed via Web UI. An administrator may create this same “default” TA profile. Restrictions on the “default” profile are described in Local Certificate Installation.
The Web UI manages a TA profile implicitly and only under the following conditions:
In these cases the Web UI may configure the “default” TA Profile.
When a default profile does not exist and both TA Profiles have been configured by the CLI (i.e., they both have a name that is not ‘default’), the Web UI may not alter either TA profile and the usage web certificate to be installed must fit within a certificate chain belonging to an existing TA Profile.