beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 123

background image

112

Step Remarks

5. Requesting a local certificate

Required.
When requesting a certificate, an entity introduces itself to the CA by

providing its identity information and public key, which will be the major
components of the certificate.
A certificate request can be submitted to a CA in online mode or offline
mode.

In online mode, if the request is granted, the local certificate will be

retrieved to the local system automatically.

In offline mode, you must retrieve the local certificate by an

out-of-band means.

IMPORTANT:

If a local certificate already exists, you cannot perform the local certificate

retrieval operation. This helps avoid possible mismatch between the local
certificate and registration information resulting from relevant changes. To

retrieve a new local certificate, you must remove the CA certificate and
local certificate first.

6. Destroying the RSA key pair

Optional.
If the certificate to be retrieved contains an RSA key pair, you must

destroy the existing RSA key pair on the device. Otherwise, the certificate
cannot be retrieved.
Destroying the RSA key pair also destroys the proper local certificate.

7. Retrieving and displaying a

certificate

Required for certificate request in offline mode.
Retrieve an existing certificate and display its information.

IMPORTANT:

Before retrieving a local certificate in online mode, be sure to complete

LDAP server configuration.
If you request a certificate in offline mode, you must retrieve the

downloaded CA certificate and local certificate and save them locally.

8. Retrieving and displaying a

CRL

Optional.
Retrieve a CRL and display its contents.

Recommended configuration procedure for automatic request

Step Remarks

1. Creating a PKI entity

Required.
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and the identity information of

an entity, where the DN shows the identity information of the entity. A CA
identifies a certificate applicant uniquely by an entity DN.
The DN settings of an entity must be compliant to the CA certificate issue
policy. Otherwise, the certificate request might be rejected. You must

know the policy to determine which entity parameters are mandatory or
optional.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: