3Com 4500G Family Configuration Manual page 1021

Configure Device as the HTTPS server and apply a certificate for Device.
Apply a certificate for the HTTPS client Host for Device to authenticate it.
The name of the CA (Certificate Authority) that issues certificate to Device is new-ca.
In this configuration example, Windows Server serves as CA and you need to install Simple
Certificate Enrollment Protocol (SCEP) component.
Before the following configurations, ensure that there is an available route between Device, Host
and CA.
Figure 2-1 Network diagram for HTTPS configuration
Configuration procedure
1) Configure the HTTPS server Device:
# Configure PKI entity en, and specify its common name as http-server1, and FQDN as
ssl.security.com.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
# Configure a PKI domain 1, specify the trusted CA as new-ca, the URL of the server for certificate
request as http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and
the entity name as en.
[Device] pki domain 1
[Device-pki-domain-1] ca identifier new-ca
[Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
[Device-pki-domain-1] quit
# Generate a local RSA key pair.
[Device] public-key local create rsa
# Retrieve a CA certificate.
[Device] pki retrieval-certificate ca domain 1
# Request a local certificate for Device.
[Device] pki request-certificate domain 1
2-5