H3C Technologies H3C S5120 Series Switches User Manual

1-5

The configuration of an entity DN must comply with the CA certificate issue policy. You need to

determine, for example, which entity DN parameters are mandatory and which are optional. Otherwise,

certificate request may be rejected.

Follow these steps to configure an entity DN:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create an entity and enter its
view

pki entity entity-name

Required

No entity exists by default.

Configure the common name
for the entity

common-name name

Optional

No common name is specified
by default.

Configure the country code for
the entity

country country-code-str

Optional

No country code is specified by
default.

Configure the FQDN for the
entity

fqdn name-str

Optional

No FQDN is specified by
default.

Configure the IP address for
the entity

ip ip-address

Optional

No IP address is specified by
default.

Configure the locality for the
entity

locality locality-name

Optional

No locality is specified by
default.

Configure the organization
name for the entity

organization org-name

Optional

No organization is specified by
default.

Configure the unit name for the
entity

organization-unit
org-unit-name

Optional

No unit is specified by default.

Configure the state or province
for the entity

state state-name

Optional

No state or province is
specified by default.

z

Currently, up to two entities can be created on a device.

z

The Windows 2000 CA server has some restrictions on the data length of a certificate request. If

the entity DN in a certificate request goes beyond a certain limit, the server will not respond to the

certificate request.