H3C Technologies H3C WA3600 Series Access Points User Manual

244

Item Description

Institution

Select the authority for certificate request.

•

CA—Indicates that the entity requests a certificate from a CA.

•

RA—Indicates that the entity requests a certificate from an RA.

RA is recommended.

Requesting URL

URL of the RA.
The entity will submit the certificate request to the server at this URL through the SCEP
protocol. The SCEP protocol is intended for communication between an entity and an

authentication authority.
In offline mode, this item is optional. In other modes, this item is required.

IMPORTANT:

This item does not support domain name resolution.

LDAP IP

IP address, port number and version of the LDAP server.
In a PKI system, the storage of certificates and CRLs is a crucial problem, which is usually

addressed by deploying an LDAP server.

Port

Version

Request Mode

Select the online certificate request mode, which can be auto or manual.

Password Encrypt

Select this box to display the password in cipher text.
This box is available only when the certificate request mode is set to Auto.

Password

Password for certificate revocation.
This item is available only when the certificate request mode is set to Auto.

Fingerprint Hash

Fingerprint used for verifying the CA root certificate.
After receiving the root certificate of the CA, an entity must verify the fingerprint of the

root certificate, namely the hash value of the root certificate content. This hash value is
unique to every certificate. If the fingerprint of the root certificate does not match the one

configured for the PKI domain, the entity rejects the root certificate.

•

If you specify MD5 as the hash algorithm, enter an MD5 fingerprint. The fingerprint
must a string of 32 characters in hexadecimal notation.

•

If you specify SHA1 as the hash algorithm, enter an SHA1 fingerprint. The fingerprint

must a string of 40 characters in hexadecimal notation.

•

If you do not specify the fingerprint hash, do not enter any fingerprint. The entity does

not verify the CA root certificate, and you yourself must ensure that the CA server is

trusted.

IMPORTANT:

The fingerprint must be configured if you specify the certificate request mode as Auto. If you

specify the certificate request mode as Manual, you can leave the fingerprint settings null. If
you do not configure the fingerprint, the entity does not verify the CA root certificate and

you yourself must ensure that the CA server is trusted.

Fingerprint

Polling Count

Polling interval and attempt limit for querying the certificate request status.
After an entity makes a certificate request, the CA might need a long period of time if it
verifies the certificate request in manual mode. During this period, the applicant needs to

query the status of the request periodically to get the certificate as soon as possible after

the certificate is signed.

Polling Interval

Enable CRL
Checking

Specify that CRL checking is required during certificate verification.