Configuration guidelines – H3C Technologies H3C SecPath F1000-E User Manual
Page 337
325
•
Specify the CRL distribution URL.
•
Re-configure the LDAP version.
Configuration guidelines
When you configure PKI, note the following guidelines:
•
Make sure the clocks of entities and the CA are synchronous. Otherwise, the validity period of
certificates will be abnormal.
•
The Windows 2000 CA server has some restrictions on the data length of a certificate request. If the
PKI entity identity information in a certificate request goes beyond a certain limit, the server will not
respond to the certificate request.
•
The SCEP add-on is required when you use the Windows Server as the CA. In this case, specify RA
as the authority for certificate request when you configure the PKI domain.
•
The SCEP add-on is not required when you use the RSA Keon software as the CA. In this case,
specify CA as the authority for certificate request when you configure the PKI domain.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS