Configuring secpath – H3C Technologies H3C SecPath F1000-E User Manual
To avoid conflict with existing services, specify an available port number as the TCP port number
of the default website.
After completing the configuration, check that the system clock of the router is synchronized with that
of the CA server, so that the router can request a certificate normally.
Configuring SecPath
1. Configure the entity DN:
# Configure the entity name as aaa and the common name as SecPath.
[SecPath] pki entity aaa
[SecPath-pki-entity-aaa] common-name SecPath
[SecPath-pki-entity-aaa] quit
2. Configure the PKI domain:
# Create PKI domain torsa and enter its view.
[SecPath] pki domain torsa
# Configure the name of the trusted CA as myca.
[SecPath-pki-domain-torsa] ca identifier myca
# Configure the URL of the registration server in the format of http://host:port/certsrv/mscep/mscep.dll,
# where host:port indicates the IP address and port number of the CA server.
[SecPath-pki-domain-torsa] certificate request url http://4.4.4.1:8080/certsrv/mscep/mscep.dll
# Set the registration authority to RA.
[SecPath-pki-domain-torsa] certificate request from ra
# Specify the entity for certificate request as aaa.
[SecPath-pki-domain-torsa] certificate request entity aaa
3. Generate a local key pair using RSA:
[SecPath] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits in the modulus [default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++
4. Apply for certificates:
# Retrieve the CA certificate and save it locally.
[SecPath] pki retrieval-certificate ca domain torsa
Retrieving CA/RA certificates. Please wait a while......
The trusted CA's finger print is:
MD5 fingerprint:766C D2C8 9E46 845B 4DCE 439C 1C1F 83AB
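The fingerprint printed during CA certificate retrieval is meant to be compared with one computed from a copy of the CA certificate obtained from the CA administrator over a separate channel. The Python code below is an added example, not part of the H3C manual; it assumes the displayed value is the MD5 digest of the DER-encoded certificate (the usual convention), and the function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in for a CA certificate file (the payload is just b"abc"),
# so the example runs offline. Use the real CA certificate file in practice.
CONSTRUCTED_PEM = (b"-----BEGIN CERTIFICATE-----\nYWJj\n"
                   b"-----END CERTIFICATE-----\n")


def to_der(cert_bytes: bytes) -> bytes:
    """Return DER bytes; accepts a DER file or a single-certificate PEM file."""
    m = PEM_RE.search(cert_bytes)
    if m is None:
        return cert_bytes  # no PEM armor found: treat the input as DER
    return base64.b64decode(b"".join(m.group(1).split()))


def device_style(digest: bytes) -> str:
    """Format a digest as the CLI prints it: uppercase hex in groups of four."""
    hexed = digest.hex().upper()
    return " ".join(hexed[i:i + 4] for i in range(0, len(hexed), 4))


def fingerprint(cert_bytes: bytes, algo: str = "md5") -> str:
    """Fingerprint of the DER encoding, in the device's display format."""
    return device_style(hashlib.new(algo, to_der(cert_bytes)).digest())


def matches_cli(cert_bytes: bytes, cli_line: str, algo: str = "md5") -> bool:
    """Compare with a line copied from the device output,
    for example 'MD5 fingerprint:766C D2C8 ...'."""
    shown = re.sub(r"\s+", "", cli_line.split(":", 1)[-1]).upper()
    ours = fingerprint(cert_bytes, algo).replace(" ", "")
    return hmac.compare_digest(shown.encode(), ours.encode())


if __name__ == "__main__":
    print("MD5 fingerprint:" + fingerprint(CONSTRUCTED_PEM))
    # The value shown on this page does not belong to the constructed sample.
    print(matches_cli(CONSTRUCTED_PEM,
                      "MD5 fingerprint:766C D2C8 9E46 845B 4DCE 439C 1C1F 83AB"))
```

A mismatch means the certificate received by the device is not the one the CA administrator issued, and the retrieval should not be confirmed.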