H3C Technologies H3C S6300 Series Switches User Manual
Page 203
Step 5. Specify the authority for accepting certificate requests.
  Command: certificate request from { ca | ra }
  Remarks: By default, no authority is specified.

Step 6. Specify the URL of the registration server for certificate request.
  Command: certificate request url url-string
  Remarks: By default, the URL of the registration server is not specified.
           Do not configure this command when you request a certificate in offline mode.

Step 7. (Optional.) Set the polling interval and maximum number of attempts for querying the certificate request status.
  Command: certificate request polling { count count | interval minutes }
  Remarks: By default, the polling interval is 20 minutes, and the maximum number of attempts is 50.

Step 8. Specify the LDAP server.
  Command: ldap-server host hostname [ port port-number ]
  Remarks: Required when the LDAP server acts as the CRL repository, or the URL of the CRL repository does not contain the host name.
           By default, no LDAP server is specified.

Step 9. Specify the fingerprint for root certificate verification.
  Command:
    In non-FIPS mode:
      root-certificate fingerprint { md5 | sha1 } string
    In FIPS mode:
      root-certificate fingerprint sha1 string
  Remarks: Optional if you manually request local certificates.
           If you want to verify the fingerprint manually, do not configure this command.
           By default, no fingerprint is specified.

Step 10. Specify the key pair for certificate request.
  Command:
    • Specify an RSA key pair:
      public-key rsa { { encryption name encryption-key-name [ length key-length ] | signature name signature-key-name [ length key-length ] } * | general name key-name [ length key-length ] }
    • Specify a DSA key pair:
      public-key dsa name key-name [ length key-length ]
  Remarks: Use either command.
           By default, no key pair is specified.
           You can specify a non-existing key pair, which is generated during the certificate application.
           For information about how to generate DSA and RSA key pairs,
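
For step 9, the value given to root-certificate fingerprint is only useful if it was obtained from the CA over a separate trusted channel and matches the root certificate actually in hand. The following Python code is an added example, not part of the H3C manual: it computes the MD5 or SHA-1 fingerprint of a PEM certificate and compares it with a published value. It assumes the fingerprint is the hash of the DER-encoded certificate written as hexadecimal; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: the PEM armor is real syntax, but the payload is
# placeholder bytes, not a real CA certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)
HEX_LEN = {"md5": 32, "sha1": 40}  # the two algorithms the command accepts


def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one certificate, got %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)


def fingerprint(pem_text, algorithm):
    """Hex fingerprint: the hash of the whole DER-encoded certificate."""
    if algorithm not in HEX_LEN:
        raise ValueError("algorithm must be md5 or sha1")
    return hashlib.new(algorithm, pem_to_der(pem_text)).hexdigest()


def normalize(published):
    """Strip the ':' or space separators CAs often print, lower-case the rest."""
    cleaned = re.sub(r"[\s:]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned


def matches(pem_text, published, algorithm):
    """True only if the out-of-band fingerprint equals the computed one."""
    expected = normalize(published)
    if len(expected) != HEX_LEN.get(algorithm, -1):
        return False  # truncated or wrong-algorithm value never matches
    return hmac.compare_digest(expected, fingerprint(pem_text, algorithm))
```

A length mismatch is treated as a failed match rather than an error, so a fingerprint pasted with missing characters is rejected instead of being compared as a prefix.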