H3C Technologies H3C MSR 50 User Manual
Page 506
121
2.
Create a PKI domain:
a.
From the navigation tree, select Certificate Management > Domain.
b.
Click Add.
The page in
appears.
c.
Enter 1 as the PKI domain name, enter CA1 as the CA identifier, select en as the local entity,
select RA as the authority for certificate request, enter
http://1.1.1.100/certsrv/mscep/mscep.dll as the URL for certificate request (the RA URL
given here is just an example. Configure the RA URL as required), enter 1.1.1.102 as the IP
address of the LDAP server and 389 as the port number, select 2 as the version number, and
select Manual as the certificate request mode.
d.
Click the expansion button before Advanced Configuration to display the advanced
configuration items.
e.
In the advanced configuration area, click the Enable CRL Checking box, and enter
ldap://1.1.1.102 as the URL for CRLs.
f.
Click Apply.
The system displays "Fingerprint of the root certificate not specified. No root certificate
validation will occur. Continue?"
g.
Click OK to confirm.
Figure 514 Creating a PKI domain
3.
Generate an RSA key pair:
a.
From the navigation tree, select Certificate Management > Certificate.
b.
Click Create Key.
c.
Enter 1024 as the key length, and click Apply..