Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
PKI certificate request
PKI certificate validation
Display and debug
9.2 Certificate Request Configuration
9.2.1 Certificate Request Overview
Certificate request is a process when an entity introduces itself to CA. The identity
information the entity provides will be contained in the certificate issued later. CA uses a
set of criteria to check applicant creditability, request purpose and identity reliability, to
ensure that certificates are bound to correct identity. Offline and non-auto out-of-band
(phone, storage disk and Email, for example) identity checkup may be required in this
process. If this process goes smoothly, CA issues a certificate to the user and displays
it along with some public information on the LDAP server for directory browsing. The
user can then download its own public-key digital certificate from the notified position,
and obtain those of others through the LDAP server. The request process proceeds
with:
Entering PKI domain view
Specifying a trustworthy CA
Configuring servers for certificate request
Configuring entity name space
Creating a local public — private key pair
Setting request polling interval and count
Configuring certificate request mode
Delivering a certificate request manually
Retrieving a certificate
9.2.2 Entering PKI Domain View
A PKI domain manages in a unified way a group of PKI users who trust a same third
trustworthy organization. That means, it suffices with the trust each member lays on CA;
no trust between the group members is required. It serves a lot in relieving system load
and extending the capability of PKI certificate system.
For the configuration of domain parameters, you should enter the PKI domain view.
Perform the following configuration in system view.
Table 9-1 Enter PKI domain view
Enter a designated PKI domain view
Delete a designated PKI domain and its
relative information
Operation
3Com Corporation
9-3
Chapter 9 PKI Configuration
Command
pki domain name
undo pki domain name
Advertisement
Chapters
Table of Contents
Troubleshooting
