Requesting A Certificate From An Openca Server - HP 5920 Series Configuration Manual

0f:d9:34:56:bc:1e:6f:ee:11:3f:7c:b2:52:f9:45:77:52:fb:
46:8a:ca:b7:9d:02:0d:4e:c3:19:8f:81:46:4e:03:1f:58:03:
bf:53:c6:c4:85:95:fb:32:70:e6:1b:f3:e4:10:ed:7f:93:27:
90:6b:30:e7:81:36:bb:e2:ec:f2:dd:2b:bb:b9:03:1c:54:0a:
00:3f:14:88:de:b8:92:63:1e:f5:b3:c2:cf:0a:d5:f4:80:47:
6f:fa:7e:2d:e3:a7:38:46:f6:9e:c7:57:9d:7f:82:c7:46:06:
7d:7c:39:c4:94:41:bd:9e:5c:97:86:c8:48:de:35:1e:80:14:
02:09:ad:08
To display detailed information about the CA certificate, use the display pki certificate domain
command.

Requesting a certificate from an OpenCA server

Network requirements
Configure the PKI entity (the device) to request a local certificate from the CA server.
Figure 75 Network diagram
Configuring the OpenCA server
Configure the OpenCA server as instructed in related manuals. (Details not shown.)
When you configure the CA server, use the OpenCA version later than version 0.9.2 because the earlier
versions do not support SCEP.
Configuring the device
1. Synchronize the system time of the device with the CA server, so that the device can correctly
request a certificate. (Details not shown.)
2. Create a PKI entity named aaa and configure the common name, country code, organization
name, and OU for the entity.
<Device> system-view
[Device] pki entity aaa
[Device-pki-entity-aaa] common-name rnd
[Device-pki-entity-aaa] country CN
[Device-pki-entity-aaa] organization test
[Device-pki-entity-aaa] organization-unit software
[Device-pki-entity-aaa] quit
3. Configure a PKI domain:
# Create a PKI domain named openca and enter its view.
[Device] pki domain openca
# Specify the name of the trusted CA as myca.
[Device-pki-domain-openca] ca identifier myca
206