H3C Technologies H3C SecBlade LB Cards User Manual
Figure 68 Network diagram
2. Configuring the CA server
a. Install the certificate service suites:
   - Select Control Panel > Add or Remove Programs from the start menu.
   - Select Add/Remove Windows Components > Certificate Services.
   - Click Next to begin the installation.
b. Install the SCEP add-on:
Because a CA server running Windows 2003 Server does not support SCEP by default, you need to
install the SCEP add-on so that the LB product can register and obtain its certificate automatically.
After the SCEP add-on installation completes, a URL is displayed. Configure this URL on
the LB product as the URL of the server for certificate registration.
c. Modify the certificate service attributes:
   - Select Control Panel > Administrative Tools > Certificate Authority from the start menu.
     If the CA server and SCEP add-on have been installed successfully, there should be two
     certificates issued by the CA to the RA.
   - Right-click the CA server in the navigation tree and select Properties > Policy Module.
   - Click Properties and select Follow the settings in the certificate template, if applicable.
     Otherwise, automatically issue the certificate.
d. Modify the Internet Information Services (IIS) attributes:
   - Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from
     the start menu.
   - Select Web Sites from the navigation tree.
   - Right-click Default Web Site and select Properties > Home Directory.
   - Specify the path for certificate service in the Local path text box.
     To avoid conflict with existing services, specify an available port number as the TCP port
     number of the default website.
After completing the configuration, check that the system clock of the LB product is synchronized with that of
the CA server, so that the LB product can request a certificate normally.
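Why the clock check matters, as an added example that is not part of the H3C manual: the CA stamps a certificate's validity window from its own clock, and the device judges that window against its own. The timestamps, the one-year lifetime and the function names are constructed assumptions, and the example assumes the device rejects a certificate whose validity window does not contain its current time.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample values (not from the manual).
CA_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
LIFETIME = timedelta(days=365)  # assumed certificate lifetime


def issue(ca_now, lifetime=LIFETIME):
    """Validity window the CA stamps on a certificate, taken from the CA's own clock."""
    return ca_now, ca_now + lifetime


def verdict(device_now, not_before, not_after):
    """How a device judges the window against its own clock (assumed standard check)."""
    if device_now < not_before:
        return "not-yet-valid"
    if device_now > not_after:
        return "expired"
    return "valid"


def check(ca_now, device_now, lifetime=LIFETIME):
    """Return (skew in seconds, verdict) for a certificate issued at ca_now."""
    not_before, not_after = issue(ca_now, lifetime)
    skew = (device_now - ca_now).total_seconds()
    return skew, verdict(device_now, not_before, not_after)


if __name__ == "__main__":
    # Constructed device clocks covering both failure directions.
    device_clocks = {
        "in sync (+2 s)": CA_NOW + timedelta(seconds=2),
        "5 minutes behind": CA_NOW - timedelta(minutes=5),
        "reset to 2000-01-01": datetime(2000, 1, 1, tzinfo=timezone.utc),
        "2 years ahead": CA_NOW + timedelta(days=730),
    }
    for label, now in device_clocks.items():
        skew, result = check(CA_NOW, now)
        print(f"{label:22} skew={skew:>14.0f}s  {result}")
```

A device clock that is even a few minutes behind the CA sees a freshly issued certificate as not yet valid, while a clock far ahead sees it as expired.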
3. Configuring the LB product
a. Configure the entity DN, with the entity name as aaa and the common name as lb:
[LB] pki entity aaa
[LB-pki-entity-aaa] common-name lb
[LB-pki-entity-aaa] quit
b. Configure the PKI domain:
# Create PKI domain torsa and enter its view.
[LB] pki domain torsa
# Configure the name of the trusted CA as myca.