Submitting a pki certificate request, Submitting a certificate request in auto mode, Submitting a certificate request in manual mode – H3C Technologies H3C WX6000 Series Access Controllers User Manual
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Configure the polling interval and maximum number of attempts for querying the certificate request status | certificate request polling { count count \| interval minutes } | Optional. By default, polling is executed up to 50 times at an interval of 20 minutes. |
| Specify the LDAP server | ldap-server ip ip-address [ port port-number ] [ version version-number ] | Optional. No LDAP server is specified by default. |
| Configure the fingerprint for root certificate validation | root-certificate fingerprint { md5 \| sha1 } string | Optional. No fingerprint is configured by default. |
- Currently, up to two PKI domains can be created on a device.
- The CA name is required only when you retrieve a CA certificate. It is not used in a local certificate request.
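
The root-certificate fingerprint command in the table above takes an MD5 or SHA-1 string that is used to validate the root certificate. The following Python is an added example, not part of the H3C manual, showing the same check done by hand on a retrieved CA certificate. It assumes the fingerprint is the hash of the certificate's DER encoding and that the expected value was obtained from the CA separately; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Hex digits per algorithm accepted by "root-certificate fingerprint { md5 | sha1 }"
ALGORITHMS = {"md5": 32, "sha1": 40}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem: str) -> bytes:
    """Extract the DER bytes from the first PEM CERTIFICATE block."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der: bytes, algo: str) -> str:
    """Hash the DER encoding (assumed to be what the device hashes)."""
    if algo not in ALGORITHMS:
        raise ValueError("algorithm must be md5 or sha1")
    return hashlib.new(algo, der).hexdigest()

def normalize(fp: str, algo: str) -> str:
    """Accept 'AA:BB', 'aa bb' or 'aabb'; reject wrong length or non-hex input."""
    hexstr = re.sub(r"[\s:-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % ALGORITHMS[algo], hexstr):
        raise ValueError(f"not a valid {algo} fingerprint")
    return hexstr

def root_cert_matches(pem: str, algo: str, expected: str) -> bool:
    """True only if the retrieved certificate hashes to the out-of-band value."""
    actual = fingerprint(pem_to_der(pem), algo)
    return hmac.compare_digest(actual, normalize(expected, algo))

def make_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armour (helper for the constructed sample)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed stand-in for a CA certificate's DER bytes (not a real certificate).
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = make_pem(SAMPLE_DER)

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER, "sha1")
    pretty = ":".join(fp[i:i + 2] for i in range(0, 40, 2)).upper()
    print("value received out of band:", pretty)
    print("retrieved cert matches:", root_cert_matches(SAMPLE_PEM, "sha1", pretty))
    tampered = make_pem(SAMPLE_DER[:-1] + b"\x00")
    print("substituted cert matches:", root_cert_matches(tampered, "sha1", pretty))
```

Of the two algorithms the command accepts, SHA-1 is the stronger choice, and the comparison adds assurance only if the expected value reaches the operator through a channel separate from the certificate download.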
Submitting a PKI Certificate Request
When requesting a certificate, an entity introduces itself to the CA by providing its identity information
and public key, which will be the major components of the certificate that the CA may issue to the entity.
A certificate request can be submitted to a CA in two ways: online and offline. In offline mode, a
certificate request is submitted to a CA by an “out-of-band” means such as phone, disk, or e-mail.
Online certificate request falls into two categories: manual mode and auto mode.
Submitting a Certificate Request in Auto Mode
In auto mode, an entity automatically requests a certificate through the SCEP protocol when it has no
local certificate or the present certificate is about to expire.
Follow these steps to configure an entity to submit a certificate request in auto mode:
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Enter PKI domain view | pki domain domain-name | — |
| Set the certificate request mode to auto | certificate request mode auto [ key-length key-length \| password { cipher \| simple } password ] * | Required. Manual by default |
Submitting a Certificate Request in Manual Mode
In manual mode, you need to retrieve a CA certificate, generate a local RSA key pair, and submit a local
certificate request for an entity.
The goal of retrieving a CA certificate is to verify the authenticity and validity of a local certificate.