H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 467
451
Recommended configuration procedure for manual request
Step Remarks
Required.
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and an entity, where an entity is the
collection of the identity information of a user. A CA identifies a certificate
applicant by entity.
The identity settings of an entity must be compliant to the CA certificate issue
policy. Otherwise, the certificate request might be rejected.
Required.
Create a PKI domain, setting the certificate request mode to Manual.
Before requesting a PKI certificate, an entity needs to be configured with some
enrollment information, which is referred to as a PKI domain.
A PKI domain is intended only for convenience of reference by other
applications like IKE and SSL, and has only local significance.
Required.
Generate a local RSA key pair.
By default, no local RSA key pair exists.
Generating an RSA key pair is an important step in certificate request. The key
pair includes a public key and a private key. The private key is kept by the
user, and the public key is transferred to the CA along with some other
information.
IMPORTANT:
If a local certificate already exists, you must remove the certificate before
generating a new key pair, so as to keep the consistency between the key pair
and the local certificate.
4.
Retrieving the CA
certificate
Required.
Certificate retrieval serves the following purposes:
•
Locally store the certificates associated with the local security domain for
improved query efficiency and reduced query count,
•
Prepare for certificate verification.
IMPORTANT:
If a local CA certificate already exists, you cannot perform the CA certificate
retrieval operation. This will avoid possible mismatch between certificates and
registration information resulting from relevant changes. To retrieve the CA
certificate, you must remove the CA certificate and local certificate first.