
Configuring a PKI entity – H3C Technologies H3C S6300 Series Switches User Manual


Tasks at a glance

Configuring automatic certificate request
Manually requesting a certificate
(Optional.) Aborting a certificate request
(Optional.) Obtaining certificates
(Optional.) Verifying PKI certificates
(Optional.) Specifying the storage path for the certificates and CRLs
(Optional.) Exporting certificates
(Optional.) Removing a certificate
(Optional.) Configuring a certificate access control policy

Configuring a PKI entity

A CA identifies a certificate applicant by its identity information. A valid PKI entity must include at least one of the following identity categories:

• Distinguished name (DN) of the entity, which further includes the common name, country code, locality, organization, unit in the organization, and state. If you configure the DN for an entity, a common name is required.
• FQDN of the entity.
• IP address of the entity.

Whether the categories are required or optional depends on the CA policy. Follow the CA policy to configure the entity settings. For example, if the CA policy requires the entity DN, but you configure only the IP address, the CA rejects the certificate request from the entity.
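
The identity rules above can be checked against a saved configuration before any certificate request is sent. The following is an added example, not code from the H3C manual: the sample configuration is constructed, the function names are hypothetical, and the organization-unit, state, fqdn and ip entity-view commands are assumed because they are not shown in the table on this page.

```python
import re

# Entity-view commands that set DN attributes and the other identity categories.
# Only common-name, country, locality and organization appear on this page.
DN_COMMANDS = {"common-name", "country", "locality", "organization",
               "organization-unit", "state"}
OTHER_COMMANDS = {"fqdn": "FQDN", "ip": "IP"}

# Constructed sample in the style of a saved device configuration.
SAMPLE_CONFIG = """#
pki entity en1
 common-name sw1
 country CN
#
pki entity en2
 ip 192.0.2.10
#
pki entity en3
 country CN
#
"""

def parse_entities(config_text):
    """Return {entity_name: set of entity-view commands} from config text."""
    entities, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"pki entity (\S+)", line)
        if m:
            current = entities.setdefault(m.group(1), set())
        elif line == "#" or not raw.startswith(" "):
            current = None  # left the entity view
        elif current is not None:
            current.add(line.split()[0])
    return entities

def check_entity(commands, ca_required=()):
    """Return the problems found under the rules stated on this page."""
    categories = {cat for cmd, cat in OTHER_COMMANDS.items() if cmd in commands}
    if commands & DN_COMMANDS:
        categories.add("DN")
    problems = []
    if not categories:
        problems.append("no identity category (DN, FQDN or IP) configured")
    if "DN" in categories and "common-name" not in commands:
        problems.append("DN configured without common-name")
    problems += [f"CA policy requires {c}" for c in ca_required if c not in categories]
    return problems
```

Pass the categories your CA mandates in ca_required, for example ("DN",), to catch the IP-only case described above.
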

The SCEP add-on on the Windows 2000 CA server has restrictions on the data length of a certificate request. If a request for a PKI entity exceeds the data length limit, the CA server does not respond to the certificate request. In this case, you can use an out-of-band means to submit the request and the CA server can issue a certificate. Other types of CA servers, such as RSA servers and OpenCA servers, do not have such restrictions.

To configure a PKI entity:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a PKI entity and enter its view. | pki entity entity-name | By default, no PKI entities exist. To create multiple PKI entities, repeat this step. |
| 3. Set a common name for the entity. | common-name common-name-string | By default, the common name is not set. |
| 4. Set the country code of the entity. | country country-code-string | By default, the country code is not set. |
| 5. Set the locality of the entity. | locality locality-name | By default, the locality is not set. |
| 6. Set the organization of the entity. | organization org-name | By default, the organization is not set. |