beautypg.com

Pki configuration examples, Network requirements, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 292

background image

278

Task Command

Remarks

Display CRLs.

display pki crl domain
domain-name [ | { begin | exclude
| include } regular-expression ]

Available in any view

Display information about one or
all certificate attribute groups.

display pki certificate

attribute-group { group-name |
all } [ | { begin | exclude |

include } regular-expression ]

Available in any view

Display information about one or
all certificate attribute-based

access control policies.

display pki certificate
access-control-policy { policy-name

| all } [ | { begin | exclude |
include } regular-expression ]

Available in any view

PKI configuration examples

CAUTION:

When the CA uses Windows Server, the SCEP add-on is required, and you must use the certificate
request from ra command to specify that the entity request a certificate from an RA.

When the CA uses RSA Keon, the SCEP add-on is not required, and you must use the certificate request
from ca command to specify that the entity request a certificate from a CA.

Requesting a certificate from a CA running RSA Keon

Network requirements

As shown in

Figure 123

, the AC submits a local certificate request to the CA server.

The AC acquires the CRLs for certificate verification.

Figure 123 Network diagram

Configuration procedure

1.

Configure the CA server

# Create a CA server named myca.
In this example, configure these basic attributes on the CA server:

Nickname: Name of the trusted CA.