Optional) Configuring Ca Certificate Fingerprint - Huawei AR1200-S Configuration Manual

Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security
issue certificates to users and it only checks users' certificate credentials. Sometimes, a CA
implements the registration management function and therefore no independent RA is required.
Before an entity requests a certificate, an enrollment URL must be specified. The entity requests
a certificate using the Simple Certificate Enrollment Protocol (SCEP) with the server specified
by the enrollment URL. SCEP is used by entities to communicate with CAs.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
pki realm realm-name
A PKI domain is configured.
By default, no PKI domain is configured on the AR1200-S.
Step 3 Run:
ca id ca-name
A trusted CA name is configured.
By default, no trusted CA is configured on the AR1200-S.
Step 4 Run:
enrollment-url url
An enrollment URL is configured.
By default, no enrollment URL is configured on the AR1200-S.
----End

12.4.5 (Optional) Configuring CA Certificate Fingerprint

Before the AR1200-S obtains a root certificate from a CA, the AR1200-S needs to check the
CA root certificate fingerprint. The CA root certificate fingerprint is the hash value of the root
certificate and is unique to each certificate. If the CA root certificate fingerprint is different from
the fingerprint configured in a specified PKI domain, the AR1200-S refuses the issued root
certificate.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
pki realm realm-name
A PKI domain is configured.
By default, no PKI domain is configured on the AR1200-S.
Issue 02 (2012-03-30)
[ interval minutes ] [ times count ] [ ra ]
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
12 PKI Configuration
242