H3C Technologies H3C SecPath F1000-E User Manual
Page 311
299
c.
Enter en as the PKI entity name, enter device-a as the common name, enter 2.2.2.1 as the IP
address of the entity, and click Apply.
Figure 199 Adding PKI entity
2.
Create a PKI domain:
a.
From the navigation tree, select VPN > Certificate Management > Domain.
b.
Click Add.
c.
In the upper area of the page, enter 1 as the PKI domain name, enter CA1 as the CA identifier,
select en as the local entity, select RA as the authority for certificate request, enter
http://1.1.1.100/certsrv/mscep/mscep.dll as the URL for certificate request (the RA URL given
here is just an example. Configure the RA URL as required), enter 1.1.1.102 as the IP address
of the LDAP server and 389 as the port number, select 2 as the version number, and select
Manual as the certificate request mode.
d.
Click the expansion button before Advanced Configuration to display the advanced
configuration items.
e.
In the advanced configuration area, click the Enable CRL Checking box, and enter
ldap://1.1.1.102 as the URL for CRLs.
f.
Click Apply.
The system displays "Fingerprint of the root certificate not specified. No root certificate
validation will occur. Continue?"
g.
Click OK to confirm.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS