Displaying and maintaining pki, Pki configuration examples, Certificate request from an rsa keon ca server – H3C Technologies H3C S6300 Series Switches User Manual
Page 212: Network requirements, Configuring the ca server
197
Displaying and maintaining PKI
Execute display commands in any view.
Task Command
Display the contents of a certificate.
display pki certificate domain domain-name { ca | local | peer
[ serial serial-num ] }
Display certificate request status.
display pki certificate request-status [ domain domain-name ]
Display locally stored CRLs.
display pki crl domain domain-name
Display certificate attribute group
information.
display pki certificate attribute-group [ group-name ]
Display certificate access control policy
information.
display pki certificate access-control-policy [ policy-name ]
PKI configuration examples
You can use different software applications, such as Windows server, RSA Keon, and OpenCA, to act as
the CA server.
If you use Windows server or OpenCA, install the SCEP add-on for Windows server or enable SCEP for
OpenCA. In either case, when you configure a PKI domain, you must use the certificate request from ra
command to specify the RA to accept certificate requests for PKI entity enrollment to an RA.
If you use RSA Keon, the SCEP add-on is not required. When you configure a PKI domain, you must use
the certificate request from ca command to specify the CA to accept certificate requests for PKI entity
enrollment to a CA.
Certificate request from an RSA Keon CA server
Network requirements
Configure the PKI entity (the device) to request a local certificate from the CA server.
Figure 70 Network diagram
Configuring the CA server
1.
Create a CA server named myca:
In this example, you must configure these basic attributes on the CA server:
{
Nickname—Name of the trusted CA.
{
Subject DN—DN attributes of the CA, including the common name (CN), organization unit
(OU), organization (O), and country (C).