Configuration procedure for automatic request, Creating a pki entity – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 618

597

Configuration procedure for automatic request

Step Remarks

Required.
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and the identity information of an
entity, where the identity information is identified by an entity distinguished

name (DN). A CA uniquely identifies a certificate applicant by entity DN.
The parameter settings of an entity DN, optional or required, must be
compliant to the CA certificate issue policy. Otherwise, the certificate request

might be rejected.

2. Creating a PKI domain

Required.
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity needs to be configured with some
enrollment information, which is referred to as a PKI domain.
A PKI domain is intended only for convenience of reference by other
applications like IKE and SSL, and has only local significance.

3. Destroying the RSA key

pair

Optional.
If the certificate to be retrieved contains an RSA key pair, you must destroy the
existing RSA key pair. Otherwise, the certificate cannot be retrieved.

Destroying the existing RSA key pair also destroys the corresponding local
certificate.

4. Retrieving and

displaying a certificate

Optional.
Retrieve an existing certificate and display its contents.

IMPORTANT:

•

Before retrieving a local certificate in online mode, be sure to complete
LDAP server configuration.

•

If a CA certificate already exists, you cannot retrieve another CA certificate.
This restriction avoids inconsistency between the certificate and registration

information due to related configuration changes. To retrieve a new CA

certificate, remove the existing CA certificate and local certificate first.

5. Retrieving and

displaying a CRL

Optional.
Retrieve a CRL and display its contents.

Creating a PKI entity

From the navigation tree, select Authentication > Certificate Management.
The PKI entity list page is displayed by default.

This manual is related to the following products:

H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module