beautypg.com

Configuring the device – H3C Technologies H3C S6300 Series Switches User Manual

Page 216

background image

201

4.

Modify the Internet information services attributes:

a.

Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from
the start menu.

b.

Select Web Sites from the navigation tree.

c.

Right-click Default Web Site and select Properties > Home Directory.

d.

Specify the path for certificate service in the Local path box.

e.

Specify an available port number as the TCP port number for the default website to avoid
conflict with existing services. In this example, port 8080 is used.

Configuring the device

1.

Synchronize the system time of the device with the CA server, so that the device can correctly
request a certificate.

2.

Create an entity named aaa with the common name as test.

system-view

[Device] pki entity aaa

[Device-pki-entity-aaa] common-name test

[Device-pki-entity-aaa] quit

3.

Configure a PKI domain:
# Create a PKI domain named winserver and enter its view.

[Device] pki domain winserver

# Specify the name of the trusted CA as myca.

[Device-pki-domain-winserver] ca identifier myca

# Configure the URL of the registration server in the form of

http://host:port/certsrv/mscep/mscep.dll, where host:port is the host IP address and port number
of the CA server.

[Device-pki-domain-winserver] certificate request url

http://4.4.4.1:8080/certsrv/mscep/mscep.dll

# Specify the RA to accept certificate requests.

[Device-pki-domain-winserver] certificate request from ra

# Specify the PKI entity name as aaa.

[Device-pki-domain-winserver] certificate request entity aaa

# Specify the RSA key pair with the purpose general, the name abc, and the length 1024 bits.

[Device-pki-domain-winserver] public-key rsa general name abc length 1024

[Device-pki-domain-winserver] quit

4.

Generate an RSA local key pair:

[Device] public-key local create rsa name abc

The range of public key size is (512 ~ 2048).

If the key modulus is greater than 512,it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

..........................++++++

.....................................++++++

Create the key pair successfully.

5.

Request a local certificate:

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: