Certificate request from a windows 2003 ca server, Network requirements, Configuring the ca server – H3C Technologies H3C S6300 Series Switches User Manual


URI:http://4.4.4.133:447/myca.crl

Signature Algorithm: sha1WithRSAEncryption


To display detailed information about the CA certificate, use the display pki certificate domain
command.

Certificate request from a Windows 2003 CA server

Network requirements

Configure the PKI entity (the device) to request a local certificate from the CA server. A Windows 2003 server acts as the CA server.

Figure 71 Network diagram

Configuring the CA server

1. Install the certificate service component:

   a. Select Control Panel > Add or Remove Programs from the start menu.

   b. Select Add/Remove Windows Components > Certificate Services.

   c. Click Next to begin the installation.

   d. Set the CA name. In this example, set the CA name to myca.

2. Install the SCEP add-on:

   The Windows 2003 server does not support SCEP by default. Install the SCEP add-on on the server so that the device can automatically register and obtain its certificate from the server. After the SCEP add-on installation completes, you will see a URL. Configure this URL on the device as the URL of the registration server for certificate requests.

3. Modify the certificate service attributes:

   a. Select Control Panel > Administrative Tools > Certificate Authority from the start menu.
      If the certificate service component and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to the RA.

   b. Right-click the CA server in the navigation tree and select Properties > Policy Module.

   c. Click Properties and then select Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate.