Table of Contents
Advertisement
Operation Manual – PKI
H3C S3610&S5510 Series Ethernet Switches
Configure the URL of the
server for certificate
request
Configure the polling
interval and maximum
number of attempts for
querying the certificate
request status
Specify the LDAP server
Configure the fingerprint
for root certificate
validation
Note:
Currently, up to two PKI domains can be created on a device.
The CA name is required only when you retrieve a CA certificate. It is not used when
in local certificate request.
1.5 Submitting a PKI Certificate Request
When requesting a certificate, an entity introduces itself to the CA by providing its
identity information and public key, which will be the major components of the certificate
that the CA may issue to the entity. A certificate request can be submitted to a CA in two
ways: online and offline. In offline mode, a certificate request is submitted to a CA by an
"out-of-band" means such as phone, disk, or e-mail.
Online certificate request falls into two categories: manual mode and auto mode.
1.5.1 Submitting a Certificate Request in Auto Mode
In auto mode, an entity automatically requests a certificate through the SCEP protocol
when it has no local certificate or the present certificate is about to expire.
To do...
certificate request url
url-string
certificate request
polling { count count |
interval minutes }
ldap-server ip ip-address
[ port port-number ]
[ version
version-number ]
root-certificate
fingerprint { md5 | sha1 }
string
Use the command...
1-8
Chapter 1 PKI Configuration
Remarks
Required
No URL is configured by
default.
Optional
The polling is executed for
up to 50 times at the
interval of 20 minutes by
default.
Optional
No LDP server is
specified by default.
Optional
No fingerprint is
configured by default.
Advertisement
Chapters
Table of Contents
Troubleshooting
