
Submitting a PKI certificate request, Submitting a certificate request in auto mode – H3C Technologies H3C S3600 Series Switches User Manual


| To do… | Use the command… | Remarks |
|---|---|---|
| Specify the entity for certificate request | certificate request entity entity-name | Required. No entity is specified by default. The specified entity must exist. |
| Specify the authority for certificate request | certificate request from { ca \| ra } | Required. No authority is specified by default. |
| Configure the URL of the server for certificate request | certificate request url url-string | Required. No URL is configured by default. |
| Configure the polling interval and attempt limit for querying the certificate request status | certificate request polling { count count \| interval minutes } | Optional. By default, polling is performed up to 5 times at an interval of 20 minutes. |
| Specify the LDAP server | ldap-server ip ip-address [ port port-number ] [ version version-number ] | Optional. No LDAP server is specified by default. |
| Configure the fingerprint for root certificate verification | root-certificate fingerprint { md5 \| sha1 } string | Required when the certificate request mode is auto and optional when the certificate request mode is manual. In the latter case, if you do not configure this command, the fingerprint of the root certificate must be verified manually. No fingerprint is configured by default. |

- Currently, up to two PKI domains can be created on a device.
- The CA name is required only when you retrieve a CA certificate. It is not used in a local certificate request.
- Currently, the URL of the server for certificate request does not support domain name resolution.
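The root-certificate fingerprint row above relies on a value obtained from the CA out of band. The following Python code is an added example, not part of the H3C manual: it computes the MD5 and SHA-1 fingerprints of a root certificate file and checks them against the expected string. It assumes the fingerprint is the hash of the DER-encoded certificate written as hex digits; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Digests offered by: root-certificate fingerprint { md5 | sha1 } string
HEX_LEN = {"md5": 32, "sha1": 40}

# Constructed stand-in (DER for SEQUENCE { INTEGER 1 }), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(data: bytes) -> bytes:
    """Return DER bytes from PEM input; input without PEM armor is taken as DER."""
    m = PEM_RE.search(data)
    if m is None:
        return data
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def fingerprint(cert: bytes, algo: str) -> str:
    """Lowercase hex digest of the DER-encoded certificate."""
    if algo not in HEX_LEN:
        raise ValueError("algo must be 'md5' or 'sha1'")
    return hashlib.new(algo, pem_to_der(cert)).hexdigest()


def normalize(value: str, algo: str) -> str:
    """Drop ':', '-' and whitespace, lowercase, and reject malformed strings."""
    hexstr = re.sub(r"[\s:\-]", "", value).lower()
    if len(hexstr) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", hexstr):
        raise ValueError(f"not a {algo} fingerprint: {value!r}")
    return hexstr


def matches(cert: bytes, algo: str, expected: str) -> bool:
    """True only if the certificate hashes to the out-of-band fingerprint."""
    return hmac.compare_digest(fingerprint(cert, algo), normalize(expected, algo))


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, fingerprint(SAMPLE_PEM, algo))
```

Of the two digests the command accepts, MD5 is the weaker against collisions, so sha1 is the better choice, and the expected value should come from the CA over a channel separate from the one used to download the certificate.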

Submitting a PKI Certificate Request

When requesting a certificate, an entity introduces itself to the CA by providing its identity information and public key, which will be the major components of the certificate. A certificate request can be submitted to a CA in two ways: online and offline. In offline mode, a certificate request is submitted to a CA by an “out-of-band” means such as phone, disk, or e-mail.

Online certificate request falls into two categories: manual mode and auto mode.

Submitting a Certificate Request in Auto Mode

In auto mode, an entity automatically requests a certificate through the SCEP protocol when it has no local certificate or the present certificate is about to expire.
