3Com MSR 50 Series Configuration Manual page 1845

PKI Configuration Examples 1845
[RouterA]pki domain 1
[RouterA-pki-domain-1] ca identifier CA1
[RouterA-pki-domain-1] certificate request url http://1.1.1.100/cert
srv/mscep/mscep.dll
[RouterA-pki-domain-1] certificate request entity en
[RouterA-pki-domain-1] ldap-server ip 1.1.1.102
# Set the registration authority to RA.
[RouterA-pki-domain-1] certificate request from ra
# Configure the URL for the CRL distribution. This is not necessary if CRL checking
is disabled.
[RouterA-pki-domain-1] crl url ldap://1.1.1.102
[RouterA-pki-domain-1] quit
# Create a local key pair using RSA.
[RouterA] public-key local create rsa
# Request a certificate.
[RouterA] pki retrieval-certificate ca domain 1
[RouterA] pki retrieval-crl domain 1
[RouterA] pki request-certificate domain 1
# Configure IKE proposal 1, using RSA signature for identity authentication.
[RouterA] ike proposal 1
[RouterA-ike-proposal-1] authentication-method rsa-signature
[RouterA-ike-proposal-1] quit
# Specify the PKI domain for the IKE peer.
[RouterA]ike peer peer
[RouterA-ike-peer-peer]certificate domain 1
2 Configure Router B
# Configure the entity name space.
<RouterB> system-view
[RouterB] pki entity en
[RouterB-pki-entity-en] ip 3.3.3.1
[RouterB-pki-entity-en] common-name routerB
[RouterB-pki-entity-en] quit
# Configure the PKI domain. Note that the URL of the enrollment server varies by
the used CA server.
[RouterB]pki domain 1
[RouterB-pki-domain-1] ca identifier CA2
[RouterB-pki-domain-1] certificate request url http://2.1.1.100/cert
srv/mscep/mscep.dll
[RouterB-pki-domain-1] certificate request entity en
[RouterB-pki-domain-1] ldap-server ip 2.1.1.102