Verifying the configuration – H3C Technologies H3C S6300 Series Switches User Manual

3. Configure a PKI domain:
# Create a PKI domain named openca and enter its view.

[Device] pki domain openca

# Specify the name of the trusted CA as myca.

[Device-pki-domain-openca] ca identifier myca

# Configure the URL of the registration server in the form of http://host/cgi-bin/pki/scep, where
host is the host IP address of the OpenCA server.

[Device-pki-domain-openca] certificate request url http://192.168.222.218/cgi-bin/pki/scep

# Specify the RA to accept certificate requests.

[Device-pki-domain-openca] certificate request from ra

# Specify the PKI entity name as aaa.

[Device-pki-domain-openca] certificate request entity aaa

# Specify the RSA key pair with the purpose general, the name abc, and the length 1024 bits.

[Device-pki-domain-openca] public-key rsa general name abc length 1024

[Device-pki-domain-openca] quit

4. Generate a local RSA key pair.

[Device] public-key local create rsa name abc

The range of public key size is (512 ~ 2048).

If the key modulus is greater than 512,it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys...

..........................++++++

.....................................++++++

Create the key pair successfully.

5. Request a local certificate:
# Obtain the CA certificate and save it locally.

[Device] pki retrieve-certificate domain openca ca

The trusted CA's finger print is:

MD5 fingerprint:5AA3 DEFD 7B23 2A25 16A3 14F4 C81C C0FA

SHA1 fingerprint:9668 4E63 D742 4B09 90E0 4C78 E213 F15F DC8E 9122

Is the finger print correct?(Y/N):y

# Submit a certificate request manually.

[Device] pki request-certificate domain openca

Start to request the general certificate ...

Request certificate of domain openca successfully
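
In this procedure the fingerprint prompt in step 5 is what authenticates the CA certificate retrieved over plain HTTP, so the displayed values should be compared with a copy of the CA certificate obtained out of band before answering Y. The Python sketch below is an added example, not part of the H3C manual; its function names, the stand-in certificate bytes and the sample prompt text are constructed for illustration.

```python
import base64
import hashlib
import re

def pem_to_der(pem_text):
    """Return the DER bytes of the first PEM CERTIFICATE block."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der, algo):
    """Hash the DER encoding and group it as the device prints it."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

def parse_prompt(prompt):
    """Extract {'md5': hex, 'sha1': hex} from the device's prompt text."""
    pairs = re.findall(r"(MD5|SHA1) fingerprint:[ \t]*([0-9A-Fa-f \t]+)", prompt)
    return {algo.lower(): re.sub(r"\s", "", value).upper() for algo, value in pairs}

def prompt_matches(prompt, trusted_der):
    """True only if every fingerprint the device shows matches the trusted copy."""
    shown = parse_prompt(prompt)
    if not shown:  # nothing recognisable on screen: do not accept
        return False
    return all(value == fingerprint(trusted_der, algo).replace(" ", "")
               for algo, value in shown.items())

# Constructed stand-in: the three bytes b"abc" wrapped as PEM, NOT a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
# Constructed prompt text in the format shown in step 5.
SAMPLE_PROMPT = (
    "The trusted CA's finger print is:\n"
    "MD5 fingerprint:9001 5098 3CD2 4FB0 D696 3F7D 28E1 7F72\n"
    "SHA1 fingerprint:A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D\n"
    "Is the finger print correct?(Y/N):"
)

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    print("MD5 :", fingerprint(der, "md5"))
    print("SHA1:", fingerprint(der, "sha1"))
    print("answer Y" if prompt_matches(SAMPLE_PROMPT, der) else "answer N")
```

In practice the trusted copy is the CA certificate file handed over by the CA administrator through a separate channel, and the prompt text is pasted from the console session.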

Verifying the configuration

# After obtaining the local certificate, display information about the certificate.

[Device] display pki certificate domain openca local

Certificate:

Data:

Version: 3 (0x2)

Serial Number: