H3C Technologies H3C SecBlade LB Cards User Manual

128

Figure 61 Creating a PKI entity

b.

Create a PKI domain:

{

From the navigation tree, select Security > Certificate Management > Domain.

{

Click Add.

{

In the upper area of the page, enter torsa as the PKI domain name, enter myca as the CA

identifier, select aaa as the local entity, select CA as the authority for certificate request, enter
http://4.4.4.133:446/c95e970f632d27be5e8cbf80e971d9c4a9a93337 as the URL for

certificate request (the URL must be in the format of http://host:port/Issuing Jurisdiction ID,

where Issuing Jurisdiction ID is a hexadecimal string generated on the CA), and select Manual

as the certificate request mode.

{

Click the expansion button before Advanced Configuration to display the advanced
configuration items.

{

In the advanced configuration area, click the Enable CRL Checking box, and enter
http://4.4.4.133:447/myca.crl as the CRL URL.

{

Click Apply.

{

The system displays "Fingerprint of the root certificate not specified. No root certificate
validation will occur. Continue?"

{

Click OK to confirm.