Configuring A Pki Domain - H3C S5500-EI series Operation Manual

Operation Manual – PKI
H3C S5500-EI Series Ethernet Switches
Configure the IP address
for the entity
Configure the locality of
the entity
Configure the
organization name for the
entity
Configure the unit name
for the entity
Configure the state or
province for the entity
Note:
Currently, up to two entities can be created on a device.
Windows 2000 CA server has some restrictions on the data length of a certificate
request. If the entity DN in a certificate request goes beyond a certain limit, the
server does not respond to the certificate request.

1.4 Configuring a PKI Domain

Before requesting a PKI certificate, an entity needs to be configured with some
enrollment information, which is referred to as a PKI domain. A PKI domain is intended
only for convenience of reference by other applications, and has only local significance.
A PKI domain is defined by these parameters:
Trusted CA
An entity requests a certificate from a trusted CA.
Entity
A certificate applicant uses an entity to provide its identity information to a CA.
RA
Generally, an independent RA is in charge of certificate request management. It
receives the registration request from an entity, checks its qualification, and determines
whether to ask the CA to sign a digital certificate. The RA only checks the application
qualification of an entity; it does not issue any certificate. Sometimes, the registration
To do...
ip ip-address
locality locality-name
organization org-name
organization-unit
org-unit-name
state state-name
Use the command...
1-6
Chapter 1 PKI Configuration
Remarks
Optional
No IP address is specified
by default.
Optional
No locality is specified by
default.
Optional
No organization is
specified by default.
Optional
No unit is specified by
default.
Optional
No state or province is
specified by default.