H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 468
452
Step Remarks
Required.
When requesting a certificate, an entity introduces itself to the CA by
providing its identity information and public key, which will be the major
components of the certificate.
A certificate request can be submitted to a CA in online mode or offline mode.
•
In online mode, if the request is granted, the local certificate will be
retrieved to the local system automatically.
•
In offline mode, you must retrieve the local certificate by an out-of-band
means.
IMPORTANT:
If a local certificate already exists, you cannot perform the local certificate
retrieval operation. This will avoid possible mismatch between the local
certificate and registration information resulting from relevant changes. To
retrieve a new local certificate, you must remove the CA certificate and local
certificate first.
Optional.
If the certificate to be retrieved contains an RSA key pair, you must destroy the
existing RSA key pair. Otherwise, the certificate cannot be retrieved.
Destroying the existing RSA key pair also destroys the corresponding local
certificate.
Required if you request a certificate in offline mode.
Retrieve an existing certificate and display its contents.
IMPORTANT:
•
If you request a certificate in offline mode, you must retrieve the CA
certificate and local certificate by an out-of-band means.
•
Before retrieving a local certificate in online mode, be sure to complete
LDAP server configuration.
Optional.
Retrieve a CRL and display its contents.
Recommended configuration procedure for automatic request
Step Remarks
Required.
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and an entity, where an entity is the
collection of the identity information of a user. A CA identifies a certificate
applicant by entity.
The identity settings of an entity must be compliant to the CA certificate issue
policy. Otherwise, the certificate request might be rejected.