H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 661
68-14
[AC-pki-domain-torsa] certificate request from ca
# Specify the entity for certificate request as aaa.
[AC-pki-domain-torsa] certificate request entity aaa
# Configure the URL for the CRL distribution point.
[AC-pki-domain-torsa] crl url http://4.4.4.133:447/myca.crl
[AC-pki-domain-torsa] quit
6) Generate a local key pair using RSA
[AC] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It may take a few minutes.
Press CTRL+C to abort.
Input the bits in the modulus [default = 1024]:
Generating keys...
........++++++
....................................++++++
.......++++++++
......................++++++++
.
7) Apply for certificates
# Retrieve the CA certificate and save it locally.
[AC] pki retrieval-certificate ca domain torsa
Retrieving CA/RA certificates. Please wait a while......
The trusted CA's finger print is:
MD5 fingerprint:EDE9 0394 A273 B61A F1B3 0072 A0B1 F9AB
SHA1 fingerprint: 77F9 A077 2FB8 088C 550B A33C 2410 D354 23B2 73A8
Is the finger print correct?(Y/N):y
Saving CA/RA certificates chain, please wait a moment......
CA certificates retrieval success.
# Retrieve CRLs and save them locally.
[AC] pki retrieval-crl domain torsa
Connecting to server for retrieving CRL. Please wait a while.....
CRL retrieval success!
# Apply for a local certificate manually.
[AC] pki request-certificate domain torsa challenge-word
Enrolling the local certificate,please wait a while......
Certificate request Successfully!
Saving the local certificate to device......
Done!
8) Verify your configuration
# Use the following command to view information about the local certificate acquired.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
9A96A48F 9A509FD7 05FFF4DF 104AD094