Configuration guidelines – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 488
41-19
Select torsa as the PKI domain.
Select Password and then type challenge-word as the password.
Click Apply.
# Retrieve the CRL.
After retrieving a local certificate, select the CRL tab.
Click Retrieve CRL of the PKI domain of torsa, as shown in
Figure 41-26 Retrieve the CRL
Configuration Guidelines
When configuring PKI, note that:
1) Make sure the clocks of entities and the CA are synchronous. Otherwise, the validity period of
certificates will be abnormal.
2) The Windows 2000 CA server has some restrictions on the data length of a certificate request. If
the PKI entity identity information in a certificate request goes beyond a certain limit, the server will
not respond to the certificate request.
3) The SCEP plug-in is required when you use the Windows Server as the CA. In this case, you need
to specify RA as the authority for certificate request when configuring the PKI domain.
4) The SCEP plug-in is not required when you use the RSA Keon software as the CA. In this case,
you need to specify CA as the authority for certificate request when configuring the PKI domain.