Network requirements, Configuring the ca server – H3C Technologies H3C SecPath F1000-E User Manual
Page 328
316
URI:http://4.4.4.133:447/myca.crl
Signature Algorithm: sha1WithRSAEncryption
836213A4 F2F74C1A 50F4100D B764D6CE
B30C0133 C4363F2F 73454D51 E9F95962
EDE9E590 E7458FA6 765A0D3F C4047BC2
9C391FF0 7383C4DF 9A0CCFA9 231428AF
987B029C C857AD96 E4C92441 9382E798
8FCC1E4A 3E598D81 96476875 E2F86C33
75B51661 B6556C5E 8F546E97 5197734B
C8C29AC7 E427C8E4 B9AAF5AA 80A75B3C
You can also use the display pki certificate ca domain and display pki crl domain commands to view
detailed information about the CA certificate and CRLs.
Requesting a certificate from a CA server running Windows
2003 Server
Network requirements
Configure PKI entity SecPath to request a local certificate from the CA server.
Figure 208 Network diagram
Configuring the CA server
1.
Install the certificate service suites:
From the start menu, select Control Panel > Add or Remove Programs, and then select
Add/Remove Windows Components > Certificate Services and click Next to begin the installation.
2.
Install the SCEP add-on:
As a CA server running the Windows 2003 server does not support SCEP by default, you need to
install the SCEP add-on so that the router can register and obtain its certificate automatically. After
the SCEP add-on installation completes, a URL is displayed, which you need to configure on the
router as the URL of the server for certificate registration.
3.
Modify the certificate service attributes:
From the start menu, select Control Panel > Administrative Tools > Certificate Authority. If the CA
server and SCEP add-on have been installed successfully, there should be two certificates issued
by the CA to the RA. Right-click the CA server in the navigation tree and select Properties > Policy
Module. Click Properties and then select Follow the settings in the certificate template, if
applicable. Otherwise, automatically issue the certificate.
4.
Modify the Internet Information Services (IIS) attributes:
From the start menu, select Control Panel > Administrative Tools > Internet Information Services (IIS)
Manager and then select Web Sites from the navigation tree. Right-click Default Web Site and
select Properties > Home Directory. Specify the path for certificate service in the Local path field.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS