H3C Technologies H3C SecBlade LB Cards User Manual

143

[LB-pki-domain-torsa] ca identifier myca

# Configure the URL of the registration server in the format of http://host:port/

certsrv/mscep/mscep.dll, where host:port indicates the IP address and port number of the CA

server.

[LB-pki-domain-torsa] certificate request url

http://4.4.4.1:8080/certsrv/mscep/mscep.dll

# Set the registration authority to RA.

[LB-pki-domain-torsa] certificate request from ra

# Specify the entity for certificate request as aaa.

[LB-pki-domain-torsa] certificate request entity aaa

c.

Generate a local key pair using RSA.

[LB] public-key local create rsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Press CTRL+C to abort.

Input the bits in the modulus [default = 1024]:

Generating Keys...

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++

d.

Apply for certificates:
# Retrieve the CA certificate and save it locally.

[LB] pki retrieval-certificate ca domain torsa

Retrieving CA/RA certificates. Please wait a while......

The trusted CA's finger print is:

MD5 fingerprint:766C D2C8 9E46 845B 4DCE 439C 1C1F 83AB

SHA1 fingerprint:97E5 DDED AB39 3141 75FB DB5C E7F8 D7D7 7C9B 97B4

Is the finger print correct?(Y/N):y

Saving CA/RA certificates chain, please wait a moment......

CA certificates retrieval success.

# Request a local certificate manually.

[LB] pki request-certificate domain torsa challenge-word

Certificate is being requested, please wait......

[LB]

Enrolling the local certificate,please wait a while......

Certificate request Successfully!

Saving the local certificate to device......

Done!

4.

Verifying the configuration

# Display information about the retrieved local certificate.

[LB] display pki certificate local domain torsa

Certificate: