Configuring a pki domain – H3C Technologies H3C WX6000 Series Access Controllers User Manual

68-5

The configuration of an entity DN must comply with the CA certificate issue policy. You need to
determine, for example, which entity DN parameters are mandatory and which are optional. Otherwise,
certificate request may be rejected.

Follow these steps to configure an entity DN:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create an entity and enter its view

pki entity

entity-name

Required
No entity exists by default.

Configure the common name for
the entity

common-name

name

Optional
No common name is specified by default.

Configure the country code for the
entity

country country-code-str

Optional
No country code is specified by default.

Configure the FQDN for the entity

fqdn name-str

Optional
No FQDN is specified by default.

Configure the IP address for the
entity

ip

ip-address

Optional
No IP address is specified by default.

Configure the locality of the entity

locality locality-name

Optional
No locality is specified by default.

Configure the organization name
for the entity

organization org-name

Optional
No organization is specified by default.

Configure the unit name for the
entity

organization-unit

org-unit-name

Optional
No unit is specified by default.

Configure the state or province for
the entity

state state-name

Optional
No state or province is specified by default.

z

Currently, up to two entities can be created on a device.

z

Windows 2000 CA server has some restrictions on the data length of a certificate request. If the
entity DN in a certificate request goes beyond a certain limit, the server does not respond to the
certificate request.

Configuring a PKI Domain

Before requesting a PKI certificate, an entity needs to be configured with some enrollment information,
which is referred to as a PKI domain. A PKI domain is intended only for convenience of reference by
other applications, and has only local significance.