Creating a pki entity – H3C Technologies H3C SecBlade LB Cards User Manual

113

Step Remarks

2. Creating a PKI domain

Required.
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity needs to be configured with

some enrollment information, which is referred to as a PKI domain.
A PKI domain is intended only for convenience of reference by other
applications like IKE and SSL, and has only local significance.

3. Destroying the RSA key pair

Optional.
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you must

destroy the existing RSA key pair. Otherwise, the retrieving operation will
fail.

4. Retrieving and displaying a

certificate

Optional.
Retrieve an existing certificate and display its information.

IMPORTANT:

•

Before retrieving a local certificate in online mode, be sure to
complete LDAP server configuration.

•

If a PKI domain already has a CA certificate, you cannot retrieve
another CA certificate for it. This helps avoid inconsistency between

the certificate and registration information due to related

configuration changes. To retrieve a new CA certificate, use the pki

delete-certificate command to delete the existing CA certificate and
local certificate first.

5. Retrieving and displaying a

CRL

Optional.
Retrieve a CRL and display its contents.

Creating a PKI entity

1.

From the navigation tree, select Security > Certificate Management > Entity.

Figure 40 PKI entity list

2.

Click Add.