CHAPTER 97: PKI CONFIGURATION

| To do... | Use the command... | Remarks |
| --- | --- | --- |
| Display CRLs | display pki crl domain domain-name | Available in any view |
| Display information about one or all certificate attribute groups | display pki certificate attribute-group { group-name \| all } | Available in any view |
| Display information about one or all certificate attribute-based access control policies | display pki certificate access-control-policy { policy-name \| all } | Available in any view |

PKI Configuration Examples

CAUTION:
■ The SCEP plug-in is required when you use the Windows Server as the CA. In this case, when configuring the PKI domain, you need to use the certificate request from ra command to specify that the entity requests a certificate from an RA.
■ The SCEP plug-in is not required when RSA Keon is used. In this case, when configuring a PKI domain, you need to use the certificate request from ca command to specify that the entity requests a certificate from a CA.

Configuring a PKI Entity to Request a Certificate from a CA

Note: RSA Keon is used on the CA server in this configuration example.

Network requirements
■ The device submits a local certificate request to the CA server.
■ The device acquires the CRLs for certificate validation.

Network diagram
Figure 361 Diagram for configuring a PKI entity to request a certificate from a CA
(Diagram labels: PKI entity, Switch, Internet, Host, CA server)

Configuration procedure
On the CA server, complete the following configurations:
1 Create a CA server named myca.
In this example, you first need to configure these basic attributes on the CA server: