Configuring a PKI Domain - HP MSR2000 Configuration Manual

FQDN of the entity.
IP address of the entity.
Whether the categories are required or optional depends on the CA policy. Follow the CA policy to
configure the entity settings. For example, if the CA policy requires the entity DN, but you configure only
the IP address, the CA rejects the certificate request from the entity.
The SCEP add-on on the Windows 2000 CA server has restrictions on the data length of a certificate
request. If a request for a PKI entity exceeds the data length limit, the CA server does not respond to the
certificate request. In this case, you can use an out-of-band means to submit the request and the CA
server can issue a certificate. Other types of CA servers, such as RSA servers and OpenCA servers, do
not have such restrictions.
To configure a PKI entity:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create a PKI entity and enter its view.
    Command: pki entity entity-name
    Remarks: By default, no PKI entities exist. To create multiple PKI entities, repeat this step.

Step 3. Set a common name for the entity.
    Command: common-name common-name-string
    Remarks: By default, the common name is not set.

Step 4. Set the country code of the entity.
    Command: country country-code-string
    Remarks: By default, the country code is not set.

Step 5. Set the locality of the entity.
    Command: locality locality-name
    Remarks: By default, the locality is not set.

Step 6. Set the organization of the entity.
    Command: organization org-name
    Remarks: By default, the organization is not set.

Step 7. Set the unit of the entity in the organization.
    Command: organization-unit org-unit-name
    Remarks: By default, the unit is not set.

Step 8. Set the state where the entity resides.
    Command: state state-name
    Remarks: By default, the state is not set.

Step 9. Set the FQDN of the entity.
    Command: fqdn fqdn-name-string
    Remarks: By default, the FQDN is not set.

Step 10. Configure the IP address of the entity.
    Command: ip { ip-address | interface interface-type interface-number }
    Remarks: By default, the IP address is not configured.

Configuring a PKI domain

A PKI domain contains enrollment information for a PKI entity. It is locally significant and is intended only
for reference by other applications such as IKE.
The fingerprint of a CA root certificate is the hash value of the root certificate content. Each CA root
certificate has a unique hash value. You can specify the fingerprint used for verifying the root certificate
in the PKI domain.
After receiving a CA root certificate that does not exist locally, the PKI entity verifies the fingerprint of the
root certificate in the following cases:
For an obtained or imported CA root certificate, if its fingerprint does not match the one configured
for the PKI domain, the device rejects the root certificate, and the obtain or import operation fails.
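
The root certificate fingerprint check described under "Configuring a PKI domain", as an added Python example that is not taken from the HP manual or the device software: it hashes the encoded certificate, normalizes the configured fingerprint, and accepts the certificate only on an exact match. The hash algorithm (SHA-256 by default), the hex fingerprint format and all function names are assumptions; the sample certificate bytes are constructed stand-ins, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes, NOT a real certificate: the fingerprint is a
# hash over the encoded bytes, so any byte string demonstrates the check.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed root certificate body " * 8


def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used here to build sample input)."""
    body = base64.encodebytes(der).decode("ascii")
    return ("-----BEGIN CERTIFICATE-----\n" + body
            + "-----END CERTIFICATE-----\n").encode("ascii")


def to_der(cert: bytes) -> bytes:
    """Accept PEM or DER input and return the DER bytes that get hashed."""
    if not cert.lstrip().startswith(b"-----BEGIN"):
        return cert
    match = PEM_RE.search(cert.decode("ascii"))
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def normalize_fingerprint(text: str, algorithm: str) -> str:
    """Strip separators and case; reject values of the wrong length."""
    hex_digits = re.sub(r"[\s:-]", "", text).lower()
    expected = hashlib.new(algorithm).digest_size * 2
    if len(hex_digits) != expected or not re.fullmatch(r"[0-9a-f]+", hex_digits):
        raise ValueError(f"not a valid {algorithm} fingerprint")
    return hex_digits


def fingerprint(cert: bytes, algorithm: str = "sha256") -> str:
    return hashlib.new(algorithm, to_der(cert)).hexdigest()


def accept_root_certificate(cert: bytes, configured: str,
                            algorithm: str = "sha256") -> bool:
    """True only when the certificate hash equals the configured value."""
    wanted = normalize_fingerprint(configured, algorithm)
    return hmac.compare_digest(fingerprint(cert, algorithm), wanted)
```

The configured value should come from the CA administrator over a separate channel, since a fingerprint delivered alongside the certificate verifies nothing.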

This manual is also suitable for: MSR3000, MSR4000