To implement Web authentication over HTTPS on the HP5130, you import a server certificate into the switch. I am writing the procedure up here because it is quite unusual.
Procedure
1. Concatenation of server certificate and private key
Combine the server certificate and the private key into a single file by joining them in PEM format. Edit the file with a text editor, and be careful with the character encoding. Here the file is named "server.cer".
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
~~~~~~~~~~~~~~~~~~~~~~~
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
~~~~~~~~~~~~~~~~~~~~~~~
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END PRIVATE KEY-----
2. Connection of the intermediate certificate and root certificate
The intermediate certificate and the root certificate are likewise joined in PEM format into a single file. The intermediate certificate goes on top and the root certificate below it. Here the file is named "root-ca.cer".
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXX
~~~~~~~~~~~~~~~~~~~~~~~
XXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXX
~~~~~~~~~~~~~~~~~~~~~~~
XXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
3. Preparation of the FTP server
Install and start an FTP server on a working PC or similar, and store the two files above in its home directory.
4. Download from the FTP server
Make the FTP server reachable by IP from the HP5130, then fetch the files over FTP.
User (10.0.0.1:(none)): user1
Password:
230 User logged in
ftp> dir
ftp> get server.cer
ftp> get root-ca.cer
ftp> bye
5. Adjust Date and Time
Correct the switch's date and time if they are wrong. An error will probably appear if the switch's time is not within the validity period of the digital certificate.
6. Create a PKI domain and import Certificate
Create a PKI domain with the following commands, and then import the root certificate into it.
[HP] pki domain AuthDom
[HP-pki-domain-AuthDom] public-key rsa general name webauthdom3 length 2048
[HP-pki-domain-AuthDom] undo crl check enable
[HP] pki import domain AuthDom pem ca filename root-ca.cer
The trusted CA's finger print is:
MD5 fingerprint: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
SHA1 fingerprint: XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
? Is the finger print correct (Y / N): y
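A pre-flight check for the files from steps 1 and 2 and for the fingerprint prompt in step 6, added here as an example and not part of the original post: it rejects the encoding and marker mistakes a text editor can introduce, confirms the order of the PEM blocks, and prints digests in groups of four hex digits for comparison with what the switch displays. The function names, the sample bytes and the uppercase grouping are assumptions; the script does not parse X.509, so validity dates and key matching are not checked.

```python
import base64
import hashlib
import re

# Strict PEM block: five dashes directly against the label (RFC 7468).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def check_bundle(data: bytes, expected: list[str]) -> list[tuple[str, bytes]]:
    """Return [(label, decoded_bytes), ...]; raise ValueError on a malformed file."""
    if data.startswith(b"\xef\xbb\xbf"):
        raise ValueError("file starts with a UTF-8 BOM; save it without one")
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError(f"non-ASCII byte at offset {exc.start}") from exc
    if re.search(r"-{5} +(BEGIN|END)|(CERTIFICATE|KEY) +-{5}", text):
        raise ValueError("spaces between the dashes and the BEGIN/END label")
    blocks = [(m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True))
              for m in PEM_BLOCK.finditer(text)]
    labels = [label for label, _ in blocks]
    if labels != expected:
        raise ValueError(f"expected blocks {expected}, found {labels}")
    return blocks

def fingerprint(der: bytes, algo: str) -> str:
    """Digest of the decoded certificate, in groups of four hex digits."""
    digest = hashlib.new(algo, der, usedforsecurity=False).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def pem(label: str, der: bytes) -> str:
    """Build a PEM block (used only to construct the sample input below)."""
    return f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}-----END {label}-----\n"

# Constructed placeholder bytes, not real certificates or keys.
LEAF, KEY, INTER, ROOT = b"leaf-cert", b"private-key", b"intermediate-cert", b"root-cert"
SERVER_CER = (pem("CERTIFICATE", LEAF) + pem("PRIVATE KEY", KEY)).encode()
ROOT_CA_CER = (pem("CERTIFICATE", INTER) + pem("CERTIFICATE", ROOT)).encode()

if __name__ == "__main__":
    check_bundle(SERVER_CER, ["CERTIFICATE", "PRIVATE KEY"])
    for _, der in check_bundle(ROOT_CA_CER, ["CERTIFICATE", "CERTIFICATE"]):
        print("MD5 :", fingerprint(der, "md5"))
        print("SHA1:", fingerprint(der, "sha1"))
```

For real files, pass the bytes read from server.cer and root-ca.cer to `check_bundle` in place of the constructed samples.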
7. Import the Server Certificate
Import the server certificate as follows.
The import is now complete. The confirmation command is below.
Comments
When I try to import the server certificate, the following happens (“Failed to import certificate”):
System View: return to User View with Ctrl+Z.
[switch-hpe1]pki import domain AuthDom pem ca filename server.cer
The PKI domain already has a CA certificate. If it is overwritten, local certificates, peer
certificates and CRL of this domain will also be deleted.
Overwrite it? [Y/N]:y
Failed to import certificates.
Any idea why? The certificate itself is fine as far as I can tell.
Thanks for your comment! But I have no idea why you cannot import…
In my experience, it fails only when the switch clock is outside the certificate’s validity period.
So it might be better to check the date of the switch and the certificate.
Hi Nesuke
Thank you for your guide.
I checked on the clock, it is set via NTP and correct.
Unfortunately it still does not work, I think the Switch expects some specific certificate or attributes in the certificate.
Hello, something is wrong
like this
[HP] pki import domain AuthDom pem ca filename server.cer
ca –> local
right ?
Hi, perry.
RIGHT!!
Thanks for your comment!
And, ozzi, I’m very sorry. Please try again if it is not resolved yet.