Network requirements, Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

Page 463


Network requirements

Configure PKI entity Switch to request a local certificate from the CA server.

Figure 1-3 Request a certificate from a CA running Windows 2003 server

Configuration procedure

1) Configure the CA server

• Install the certificate server suites

From the start menu, select Control Panel > Add or Remove Programs, and then select Add/Remove Windows Components > Certificate Services and click Next to begin the installation.

• Install the SCEP add-on

Because a CA server running Windows 2003 server does not support SCEP by default, you need to install the SCEP add-on so that the switch can register and obtain its certificate automatically. After the SCEP add-on installation completes, a URL is displayed. Configure this URL on the switch as the URL of the server for certificate registration.

• Modify the certificate service attributes

From the start menu, select Control Panel > Administrative Tools > Certificate Authority. If the CA server and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to the RA. Right-click the CA server in the navigation tree and select Properties > Policy Module. Click Properties and then select "Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate."

• Modify the Internet Information Services (IIS) attributes

From the start menu, select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager and then select Web Sites from the navigation tree. Right-click Default Web Site and select Properties > Home Directory. Specify the path for the certificate service in the Local path text box. In addition, it is recommended that you specify an available port number as the TCP port number of the default website to avoid conflicts with existing services.

After completing the above configuration, check that the system clock of the switch is synchronized with that of the CA server, so that the switch can request a certificate normally.

2) Configure the switch

• Configure the entity DN

# Configure the entity name as aaa and the common name as switch.

<Switch> system-view
[Switch] pki entity aaa
[Switch-pki-entity-aaa] common-name switch
[Switch-pki-entity-aaa] quit

• Configure the PKI domain

# Create PKI domain torsa and enter its view.

[Switch] pki domain torsa
