H3C Technologies H3C MSR 50 User Manual

Page 509

Advertising
background image

124

1.

Create a PKI entity:

a.

From the navigation tree, select Certificate Management > Entity.

b.

Click Add.

c.

Enter en as the PKI entity name, enter router-b as the common name, and enter 3.3.3.1 as the
IP address of the entity.

d.

Click Apply.

2.

Create a PKI domain:

a.

From the navigation tree, select Certificate Management > Domain.

b.

Click Add.
The configuration page appears.

c.

In the upper area of the page, enter 1 as the PKI domain name, enter CA2 as the CA identifier,
select en as the local entity, select RA as the authority for certificate request, enter

http://2.1.1.100/certsrv/mscep/mscep.dll as the URL for certificate request (the RA URL given

here is just an example. Configure the RA URL as required), enter 2.1.1.102 as the IP address
of the LDAP server and 389 as the port number, select 2 as the version number, and select

Manual as the certificate request mode.

d.

Click the expansion button before Advanced Configuration to display the advanced
configuration items.

e.

In the advanced configuration area, click the Enable CRL Checking box and enter
ldap://2.1.1.102 as the URL for CRLs.

f.

Click Apply.
The system displays "Fingerprint of the root certificate not specified. No root certificate
validation will occur. Continue?"

g.

Click OK to confirm.

3.

Generate an RSA key pair:

a.

From the navigation tree, select Certificate Management > Certificate.

b.

Click Create Key.

c.

Click Apply to generate an RSA key pair.

4.

Retrieve the CA certificate:

a.

From the navigation tree, select Certificate Management > Certificate.

b.

Click Retrieve Cert.

c.

Select 1 as the PKI domain, select CA as the certificate type, and click Apply.

5.

Request a local certificate:

a.

From the navigation tree, select Certificate Management > Certificate.

b.

Click Request Cert.

c.

Select 1 as the PKI domain, and click Apply.
The system displays "Certificate request has been submitted."

d.

Click OK to confirm.

6.

Add an IPsec connection:

a.

From the navigation tree, select VPN > IPsec VPN.

b.

Click Add.

Advertising
This manual is related to the following products:

H3C MSR 30, H3C MSR 2600, H3C MSR 20-2X[40], H3C MSR 20-1X, H3C MSR 930, H3C MSR 900

Popular Brands
Popular manuals