Creating a pki entity – H3C Technologies H3C MSR 50 User Manual
Page 488
103
Task Remarks
Required.
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity needs to be configured with
some enrollment information, which is called a PKI domain.
A PKI domain is intended only for convenience of reference by other
applications like IKE and SSL, and has only local significance.
3. Destroying the RSA key pair
Optional.
If the certificate to be retrieved contains an RSA key pair, you must destroy
the existing RSA key pair. Otherwise, the certificate cannot be retrieved.
Destroying the existing RSA key pair also destroys the corresponding local
certificate.
4. Retrieving and displaying a
Optional.
Retrieve an existing certificate and display its contents.
IMPORTANT:
•
Before retrieving a local certificate in online mode, be sure to complete
LDAP server configuration.
•
If a CA certificate already exists, you cannot retrieve another CA
certificate. This restriction avoids inconsistency between the certificate
and the registration information due to configuration changes. To retrieve
a new CA certificate, remove the existing CA certificate and local
certificate first.
5. Retrieving and displaying a
Optional.
Retrieve a CRL and display its contents.
Creating a PKI entity
1.
From the navigation tree, select Certificate Management > Entity.
Figure 486 PKI entities
2.
Click Add.