Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 332
320
Figure 209 Network diagram
Configuration procedure
1.
Configure SecPath A:
# Configure the entity DN.
[SecPathA] pki entity en
[SecPathA-pki-entity-en] ip 2.2.2.1
[SecPathA-pki-entity-en] common-name SecPatha
[SecPathA-pki-entity-en] quit
# Configure the PKI domain. The URL of the registration server varies with the CA server.
[SecPathA] pki domain 1
[SecPathA-pki-domain-1] ca identifier CA1
[SecPathA-pki-domain-1] certificate request url
http://1.1.1.100/certsrv/mscep/mscep.dll
[SecPathA-pki-domain-1] certificate request entity en
[SecPathA-pki-domain-1] ldap-server ip 1.1.1.102
# Set the registration authority to RA.
[SecPathA-pki-domain-1] certificate request from ra
# Configure the CRL distribution URL. This is not necessary if CRL checking is disabled.
[SecPathA-pki-domain-1] crl url ldap://1.1.1.102
[SecPathA-pki-domain-1] quit
# Create a local key pair using RSA.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS