Network requirements, Configuring the ca server – H3C Technologies H3C SecPath F1000-E User Manual

URI:http://4.4.4.133:447/myca.crl

Signature Algorithm: sha1WithRSAEncryption

You can also use the display pki certificate ca domain and display pki crl domain commands to view
detailed information about the CA certificate and CRLs.

Requesting a certificate from a CA server running Windows 2003 Server

Network requirements

Configure PKI entity SecPath to request a local certificate from the CA server.

Figure 208 Network diagram

Configuring the CA server

1. Install the certificate service suites:
   From the start menu, select Control Panel > Add or Remove Programs, and then select Add/Remove Windows Components > Certificate Services and click Next to begin the installation.

2. Install the SCEP add-on:
   Because a CA server running Windows 2003 Server does not support SCEP by default, you need to install the SCEP add-on so that the router can register and obtain its certificate automatically. After the SCEP add-on installation completes, a URL is displayed, which you need to configure on the router as the URL of the server for certificate registration.

3. Modify the certificate service attributes:
   From the start menu, select Control Panel > Administrative Tools > Certificate Authority. If the CA server and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to the RA. Right-click the CA server in the navigation tree and select Properties > Policy Module. Click Properties and then select Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate.

4. Modify the Internet Information Services (IIS) attributes:
   From the start menu, select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager and then select Web Sites from the navigation tree. Right-click Default Web Site and select Properties > Home Directory. Specify the path for certificate service in the Local path field.