H3C Technologies H3C SecPath F1000-E User Manual
Page 791
17
•
Select aaa as the local entity.
•
Select RA as the authority for certificate request.
•
Type http://4.4.4.1:8080/certsrv/mscep/mscep.dll as the URL for certificate request. The
URL must be in the format of http://host:port/certsrv/mscep/mscep.dll, where host and port are
the host address and port number of the CA server.
•
Select Manual as the certificate request mode.
•
Click Apply. When the system displays “Fingerprint of the root certificate not specified. No root
certificate validation will occur. Continue?”, click OK to confirm.
# Generate an RSA key pair.
•
Select VPN > PKI > Certificate from the navigation tree and then click Create Key to perform
the configurations shown in
.
Figure 18 Generate an RSA key pair
•
Click Apply to generate an RSA key pair.
# Retrieve the CA certificate.
•
Select VPN > PKI > Certificate from the navigation tree and then click Retrieve Cert to
perform the configurations shown in
.
Figure 19 Retrieve the certificate
•
Select torsa as the PKI domain.
•
Select CA as the certificate type.
•
Click Apply.
# Request a local certificate.
•
Select VPN > PKI > Certificate from the navigation tree and then click Request Cert to perform
the configurations shown in
.