beautypg.com

H3C Technologies H3C WA3600 Series Access Points User Manual

Page 253

background image

240

Step Remarks

5. Requesting a local certificate

Required.
When requesting a certificate, an entity introduces itself to the CA by

providing its identity information and public key, which are the major
components of the certificate.
A certificate request can be submitted to a CA in online mode or offline
mode.

In online mode, if the request is granted, the local certificate is

retrieved to the local system automatically.

In offline mode, you must retrieve the local certificate by an

out-of-band means.

IMPORTANT:

If a local certificate already exists, you cannot perform the local certificate

retrieval operation. This mechanism helps avoid possible mismatch
between the local certificate and registration information resulting from

relevant changes. To retrieve a new local certificate, you must remove the
CA certificate and local certificate first.

6. Destroying the RSA key pair

Optional.
If the certificate to be retrieved contains an RSA key pair, you must

destroy the existing RSA key pair. Otherwise, the certificate cannot be
retrieved. Destroying the existing RSA key pair also destroys the

corresponding local certificate.

7. Retrieving and displaying a

certificate

Required if you request a certificate in offline mode
Retrieve an existing certificate and display its contents.

IMPORTANT:

If you request a certificate in offline mode, you must retrieve the CA
certificate and local certificate by an out-of-band means.

Before retrieving a local certificate in online mode, be sure to

complete LDAP server configuration.

8. Retrieving and displaying a

CRL

Optional.
Retrieve a CRL and display its contents.

Recommended configuration procedure for automatic request

Step Remarks

1. Creating a PKI entity

Required.
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and an entity, where an entity
is the collection of the identity information of a user. A CA identifies a

certificate applicant by entity.
The identity settings of an entity must be compliant to the CA certificate
issue policy. Otherwise, the certificate request might be rejected.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: