beautypg.com

Pki configuration task list, Configuring an entity dn – H3C Technologies H3C S3600 Series Switches User Manual

Page 1169

background image

1-4

2) The RA reviews the identity of the entity and then sends the identity information and the public key

with a digital signature to the CA.

3) The CA verifies the digital signature, approves the application, and issues a certificate.

4) The RA receives the certificate from the CA, sends it to the LDAP server to provide directory

navigation service, and notifies the entity that the certificate is successfully issued.

5) The entity retrieves the certificate. With the certificate, the entity can communicate with other

entities safely through encryption and digital signature.

6) The entity makes a request to the CA when it needs to revoke its certificate, while the CA approves

the request, updates the CRLs and publishes the CRLs on the LDAP server.

PKI Configuration Task List

Complete the following tasks to configure PKI:

Task

Remarks

Configuring an Entity DN

Required

Configuring a PKI Domain

Required

Submitting a Certificate
Request in Auto Mode

Submitting a PKI Certificate
Request

Submitting a Certificate
Request in Manual Mode

Required

Use either approach

Retrieving a Certificate Manually

Optional

Configuring PKI Certificate

Optional

Destroying a Local RSA Key Pair

Optional

Deleting a Certificate

Optional

Configuring an Access Control Policy

Optional

Configuring an Entity DN

A certificate is the binding of a public key and the identity information of an entity, where the identity

information is identified by an entity distinguished name (DN). A CA identifies a certificate applicant

uniquely by entity DN.

An entity DN is defined by these parameters:

z

Common name of the entity.

z

Country code of the entity, a standard 2-character code. For example, CN represents China and

US represents the United States of America.

z

Fully qualified domain name (FQDN) of the entity, a unique identifier of an entity on the network. It

consists of a host name and a domain name and can be resolved to an IP address. For example,

www.whatever.com is an FQDN, where www is a host name and whatever.com a domain name.

z

IP address of the entity.

z

Locality where the entity resides.

z

Organization to which the entity belongs.

z

Unit of the entity in the organization.

z

State where the entity resides.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: