Displaying and maintaining pki, Pki configuration examples, Network requirements – H3C Technologies H3C WX6000 Series Access Controllers User Manual

68-12

A certificate attribute group must exist to be associated with a rule.

Displaying and Maintaining PKI

To do…

Use the command…

Remarks

Display the contents or request
status of a certificate

display pki certificate

{ { ca | local } domain

domain-name

| request-status }

Available in any view

Display CRLs

display pki crl domain domain-name

Available in any view

Display information about one or all
certificate attribute groups

display pki certificate attribute-group
{ group-name | all }

Available in any view

Display information about one or all
certificate attribute-based access
control policies

display pki certificate access-control-policy

{ policy-name | all }

Available in any view

PKI Configuration Examples

z

The SCEP plug-in is required when you use the Windows Server as the CA. In this case, when
configuring the PKI domain, you need to use the certificate request from ra command to specify
that the entity requests a certificate from an RA.

z

The SCEP plug-in is not required when RSA Keon is used. In this case, when configuring a PKI
domain, you need to use the certificate request from ca command to specify that the entity
requests a certificate from a CA.

Configuring a PKI Entity to Request a Certificate from a CA

RSA Keon is used on the CA server in this configuration example.

Network requirements

z

The AC submits a local certificate request to the CA server.

z

The AC acquires the CRLs for certificate validation.