beautypg.com

H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 661

background image

68-14

[AC-pki-domain-torsa] certificate request from ca

# Specify the entity for certificate request as aaa.

[AC-pki-domain-torsa] certificate request entity aaa

# Configure the URL for the CRL distribution point.

[AC-pki-domain-torsa] crl url http://4.4.4.133:447/myca.crl

[AC-pki-domain-torsa] quit

6) Generate a local key pair using RSA

[AC] public-key local create rsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It may take a few minutes.

Press CTRL+C to abort.

Input the bits in the modulus [default = 1024]:

Generating keys...

........++++++

....................................++++++

.......++++++++

......................++++++++

.

7) Apply for certificates

# Retrieve the CA certificate and save it locally.

[AC] pki retrieval-certificate ca domain torsa

Retrieving CA/RA certificates. Please wait a while......

The trusted CA's finger print is:

MD5 fingerprint:EDE9 0394 A273 B61A F1B3 0072 A0B1 F9AB

SHA1 fingerprint: 77F9 A077 2FB8 088C 550B A33C 2410 D354 23B2 73A8

Is the finger print correct?(Y/N):y

Saving CA/RA certificates chain, please wait a moment......

CA certificates retrieval success.

# Retrieve CRLs and save them locally.

[AC] pki retrieval-crl domain torsa

Connecting to server for retrieving CRL. Please wait a while.....

CRL retrieval success!

# Apply for a local certificate manually.

[AC] pki request-certificate domain torsa challenge-word

Enrolling the local certificate,please wait a while......

Certificate request Successfully!

Saving the local certificate to device......

Done!

8) Verify your configuration

# Use the following command to view information about the local certificate acquired.

display pki certificate local domain torsa

Certificate:

Data:

Version: 3 (0x2)

Serial Number:

9A96A48F 9A509FD7 05FFF4DF 104AD094