Submitting a PKI Certificate Request; Submitting a Certificate Request in Auto Mode - H3C S5600 Series Operation Manual


To do: Specify the authority for certificate request
Use the command: certificate request from { ca | ra }
Remarks: Required. No authority is specified by default.

To do: Configure the URL of the server for certificate request
Use the command: certificate request url url-string
Remarks: Required. No URL is configured by default.

To do: Configure the polling interval and attempt limit for querying the certificate request status
Use the command: certificate request polling { count count | interval minutes }
Remarks: Optional. The polling is executed for up to 5 times at the interval of 20 minutes by default.

To do: Specify the LDAP server
Use the command: ldap-server ip ip-address [ port port-number ] [ version version-number ]
Remarks: Optional. No LDAP server is specified by default.

To do: Configure the fingerprint for root certificate verification
Use the command: root-certificate fingerprint { md5 | sha1 } string
Remarks: Required when the certificate request mode is auto and optional when the certificate request mode is manual. In the latter case, if you do not configure this command, the fingerprint of the root certificate must be verified manually. No fingerprint is configured by default.

Currently, up to two PKI domains can be created on a device.
The CA name is required only when you retrieve a CA certificate. It is not used in a local certificate request.
Currently, the URL of the server for certificate request does not support domain name resolution.

Submitting a PKI Certificate Request

When requesting a certificate, an entity introduces itself to the CA by providing its identity information and public key, which will be the major components of the certificate. A certificate request can be submitted to a CA in two ways: online and offline. In offline mode, a certificate request is submitted to a CA by an "out-of-band" means such as phone, disk, or e-mail.
Online certificate request falls into two categories: manual mode and auto mode.

Submitting a Certificate Request in Auto Mode

In auto mode, an entity automatically requests a certificate through the SCEP protocol when it has no local certificate or the present certificate is about to expire.
Follow these steps to configure an entity to submit a certificate request in auto mode:

To do: Enter system view
Use the command: system-view
Remarks: -

To do: Enter PKI domain view
Use the command: pki domain domain-name
Remarks: -
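A pre-flight check for two of the PKI domain settings above, added here as an example (not code from the H3C manual): it computes the MD5 or SHA-1 digest of a CA certificate's DER encoding for comparison with a fingerprint obtained out of band, and confirms that the request URL uses an IP address rather than a domain name. The function names, sample URLs and stand-in certificate bytes are constructed, and it assumes the device takes the fingerprint as plain hex digits.

```python
import base64
import hashlib
import hmac
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed stand-in: arbitrary bytes in PEM armor, not a real CA certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed stand-in for DER bytes").decode()
              + "\n-----END CERTIFICATE-----\n")

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes inside the first PEM certificate block."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(pem: str, algo: str = "sha1") -> str:
    """Hex digest of the DER certificate; md5 and sha1 are the command's options."""
    if algo not in ("md5", "sha1"):
        raise ValueError("root-certificate fingerprint takes md5 or sha1 only")
    return hashlib.new(algo, pem_to_der(pem)).hexdigest()

def fingerprint_matches(pem: str, algo: str, published: str) -> bool:
    """Compare against a fingerprint obtained out of band (colons/spaces allowed)."""
    want = published.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(pem, algo), want)

def url_host_is_ip(url: str) -> bool:
    """The request URL cannot use a domain name, so the host must be an IP literal."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed values: 192.0.2.10 is a documentation address, the path is made up.
    for url in ("http://192.0.2.10/certsrv/mscep/mscep.dll", "http://ca.example.com/scep"):
        print(url, "->", "ok" if url_host_is_ip(url) else "host must be an IP address")
    print("root-certificate fingerprint sha1", fingerprint(SAMPLE_PEM, "sha1"))
```

Run it against the CA certificate file received from the CA administrator, and compare the result with a fingerprint delivered through a separate channel before entering it on the device.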

This manual is also suitable for:

S5600-26c, S5600-26c-pwr, S5600-26f, S5600-50c, S5600-50c-pwr