beautypg.com

H3C Technologies H3C SecPath F1000-E User Manual

Page 326

background image

314

system-view

[SecPath] pki entity aaa

[SecPath-pki-entity-aaa] common-name SecPath

[SecPath-pki-entity-aaa] quit

2.

Configure the PKI domain:
# Create PKI domain torsa and enter its view.

[SecPath] pki domain torsa

# Configure the name of the trusted CA as myca.

[SecPath-pki-domain-torsa] ca identifier myca

# Configure the URL of the registration server in the format of http://host:port/Issuing Jurisdiction

ID, where Issuing Jurisdiction ID is a hexadecimal string generated on the CA server.

[SecPath-pki-domain-torsa] certificate request url

http://4.4.4.133:446/c95e970f632d27be5e8cbf80e971d9c4a9a93337

# Set the registration authority to CA.

[SecPath-pki-domain-torsa] certificate request from ca

# Specify the entity for certificate request as aaa.

[SecPath-pki-domain-torsa] certificate request entity aaa

# Configure the URL for the CRL distribution point.

[SecPath-pki-domain-torsa] crl url http://4.4.4.133:447/myca.crl

[SecPath-pki-domain-torsa] quit

3.

Generate a local key pair using RSA:

[SecPath] public-key local create rsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Press CTRL+C to abort.

Input the bits in the modulus [default = 1024]:

Generating Keys...

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++

4.

Apply for certificates:
# Retrieve the CA certificate and save it locally.

[SecPath] pki retrieval-certificate ca domain torsa

Retrieving CA/RA certificates. Please wait a while......

The trusted CA's finger print is:

MD5 fingerprint:EDE9 0394 A273 B61A F1B3 0072 A0B1 F9AB

SHA1 fingerprint: 77F9 A077 2FB8 088C 550B A33C 2410 D354 23B2 73A8

Is the finger print correct?(Y/N):y

Saving CA/RA certificates chain, please wait a moment......

CA certificates retrieval success.

# Retrieve CRLs and save them locally.