Configuring A Pki Entity - HP FlexFabric 5700 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 5700 Series:
- Configuration manual (185 pages) ,
- Configuration manual (125 pages) ,
- Configuration manual (132 pages)
Table of Contents
Advertisement
Tasks at a glance
•
Configuring automatic certificate request
•
Manually requesting a certificate
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
Configuring a PKI entity
A certificate applicant uses an entity to provide its identity information to a CA. A valid PKI entity must
include one or more of following identity categories:
Distinguished name (DN) of the entity, which further includes the common name, county code,
•
locality, organization, unit in the organization, and state. If you configure the DN for an entity, a
common name is required.
•
FQDN of the entity.
IP address of the entity.
•
Whether the categories are required or optional depends on the CA policy. Follow the CA policy to
configure the entity settings. For example, if the CA policy requires the entity DN, but you configure only
the IP address, the CA rejects the certificate request from the entity.
The SCEP add-on on the Windows 2000 CA server has restrictions on the data length of a certificate
request. If a request from a PKI entity exceeds the data length limit, the CA server does not respond to the
certificate request. In this case, you can use an out-of-band means to submit the request. Other types of
CA servers, such as RSA servers and OpenCA servers, do not have such restrictions.
To configure a PKI entity:
Step
1.
Enter system view.
2.
Create a PKI entity and enter
its view.
3.
Set a common name for the
entity.
4.
Set the country code of the
entity.
5.
Set the locality of the entity.
6.
Set the organization of the
entity.
Aborting a certificate request
Obtaining certificates
Verifying PKI certificates
Specifying the storage path for the certificates and CRLs
Exporting certificates
Removing a certificate
Configuring a certificate-based access control policy
Command
system-view
pki entity entity-name
common-name
common-name-sting
country country-code-string
locality locality-name
organization org-name
Remarks
N/A
By default, no PKI entities exist.
To create multiple PKI entities, repeat
this step.
By default, the common name is not set.
By default, the country code is not set.
By default, the locality is not set.
By default, the organization is not set.
219
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
