Configuring A Pki Domain - HP FlexFabric 5700 Series Security Configuration Manual

Step
7. Set the unit of the entity in
the organization.
8. Set the state where the entity
resides.
9. Set the FQDN of the entity.
10. Configure the IP address of
the entity.

Configuring a PKI domain

A PKI domain contains enrollment information for a PKI entity. It is locally significant and is intended only
for reference by other applications like IKE and SSL.
To configure a PKI domain:
Step
1. Enter system view.
2. Create a PKI domain
and enter its view.
3. Specify the trusted CA.
4. Specify the PKI entity
name.
5. Specify the type of
certificate request
reception authority.
6. Specify the certificate
request URL.
7. (Optional.) Set the
SCEP polling interval
and maximum number
of polling attempts.
Command
organization-unit org-unit-name
state state-name
fqdn fqdn-name-string
ip { ip-address | interface
interface-type
interface-number }
Command
system-view
pki domain domain-name
ca identifier name
certificate request entity entity-name
certificate request from { ca | ra }
certificate request url url-string
certificate request polling { count count |
interval minutes }
220
Remarks
By default, the unit is not set.
By default, the state is not set.
By default, the FQDN is not set.
By default, the IP address is not
configured.
Remarks
N/A
By default, no PKI domains exist.
By default, no trusted CA is
specified.
To obtain a CA certificate, the
trusted CA name must be provided.
The trusted CA name uniquely
identifies the CA to be used if
multiple CAs exist on the same CA
server. The CA server's URL is
specified by using the certificate
request url command.
By default, no entity is specified.
By default, no authority type is
specified.
By default, the certificate request
URL is not specified.
Do not configure this command
when you request a certificate in
offline mode.
By default, the switch polls the CA
server for the certificate request
status every 20 minutes. The
maximum number of polling
attempts is 50.