Creating a pki entity – H3C Technologies H3C SecPath F1000-E User Manual
Page 292
280
Task Remarks
Optional
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you need to destroy the
existing RSA key pair. Otherwise, the retrieving operation will fail.
Retrieving and
displaying a
certificate
Optional
Retrieve an existing certificate and display its information.
IMPORTANT:
•
Before retrieving a local certificate in online mode, be sure to complete LDAP server
configuration.
•
If a PKI domain already has a CA certificate, you cannot retrieve another CA
certificate for it. This is in order to avoid inconsistency between the certificate and
registration information due to related configuration changes. To retrieve a new CA
certificate, use the pki delete-certificate command to delete the existing CA
certificate and local certificate first.
Retrieving and
displaying a CRL
Optional
Retrieve a CRL and display its contents.
Creating a PKI entity
1.
From the navigation tree, select VPN > Certificate Management > Entity.
Figure 171 PKI entity list
2.
Click Add.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS