Certificate request from an openca server, Network requirements, Configuring the ca server – H3C Technologies H3C S6300 Series Switches User Manual

203

X509v3 CRL Distribution Points:

URI:http://l00192b/CertEnroll/CA%20server.crl

URI:file://\\l00192b\CertEnroll\CA server.crl

Authority Information Access:

CA Issuers - URI:http://l00192b/CertEnroll/l00192b_CA%20server.crt

CA Issuers - URI:file://\\l00192b\CertEnroll\l00192b_CA server.crt

1.3.6.1.4.1.311.20.2:

.0.I.P.S.E.C.I.n.t.e.r.m.e.d.i.a.t.e.O.f.f.l.i.n.e

Signature Algorithm: sha1WithRSAEncryption

81029589 7BFA1CBD 20023136 B068840B

…

To display detailed information about the CA certificate, use the display pki certificate domain
command.

Certificate request from an OpenCA server

Network requirements

Configure the PKI entity (the device) to request a local certificate from the CA server.

Figure 72 Network diagram

Configuring the CA server

The configuration is not shown. For information about how to configure an OpenCA server, see related

manuals.
When you configure the CA server, use the OpenCA version later than version 0.9.2 because the earlier

versions do not support SCEP.

Configuring the device

1.

Synchronize the system time of the device with the CA server, so that the device can correctly

request a certificate.

2.

Create an entity named aaa with the common name as rnd, the country code as CN, the
organization name as test, and the unit name as software.

system-view

[Device] pki entity aaa

[Device-pki-entity-aaa] common-name rnd

[Device-pki-entity-aaa] country CN

[Device-pki-entity-aaa] organization test

[Device-pki-entity-aaa] organization-unit software

[Device-pki-entity-aaa] quit