H3C Technologies H3C SecPath F1000-E User Manual

Page 326


<SecPath> system-view

[SecPath] pki entity aaa

[SecPath-pki-entity-aaa] common-name SecPath

[SecPath-pki-entity-aaa] quit

2. Configure the PKI domain:

# Create PKI domain torsa and enter its view.

[SecPath] pki domain torsa

# Configure the name of the trusted CA as myca.

[SecPath-pki-domain-torsa] ca identifier myca

# Configure the URL of the registration server in the format of http://host:port/Issuing Jurisdiction ID, where Issuing Jurisdiction ID is a hexadecimal string generated on the CA server.

[SecPath-pki-domain-torsa] certificate request url http://4.4.4.133:446/c95e970f632d27be5e8cbf80e971d9c4a9a93337

# Set the registration authority to CA.

[SecPath-pki-domain-torsa] certificate request from ca

# Specify the entity for certificate request as aaa.

[SecPath-pki-domain-torsa] certificate request entity aaa

# Configure the URL for the CRL distribution point.

[SecPath-pki-domain-torsa] crl url http://4.4.4.133:447/myca.crl

[SecPath-pki-domain-torsa] quit

3. Generate a local key pair using RSA:

[SecPath] public-key local create rsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Press CTRL+C to abort.

Input the bits in the modulus [default = 1024]:

Generating Keys...

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++

4. Apply for certificates:

# Retrieve the CA certificate and save it locally.

[SecPath] pki retrieval-certificate ca domain torsa

Retrieving CA/RA certificates. Please wait a while......

The trusted CA's finger print is:

MD5 fingerprint:EDE9 0394 A273 B61A F1B3 0072 A0B1 F9AB

SHA1 fingerprint: 77F9 A077 2FB8 088C 550B A33C 2410 D354 23B2 73A8

Is the finger print correct?(Y/N):y

Saving CA/RA certificates chain, please wait a moment......

CA certificates retrieval success.

# Retrieve CRLs and save them locally.
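
The fingerprint prompt in step 4 only protects enrollment if the displayed value is compared with a copy of the CA certificate obtained out of band before answering Y. The following is an added example, not part of the H3C manual: it computes the MD5 and SHA1 fingerprints of such a trusted copy in the grouped format the device prints and compares the SHA1 value. It assumes the device hashes the DER-encoded certificate; the function names are hypothetical and the sample bytes are constructed.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(cert_bytes: bytes) -> bytes:
    """Return DER bytes from a PEM- or DER-encoded certificate file."""
    m = PEM_RE.search(cert_bytes)
    if m is None:
        return cert_bytes  # no PEM armor: treat the input as DER already
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)

def device_format(digest: bytes) -> str:
    """Render a digest as the CLI prints it: upper-case hex in groups of 4."""
    hexstr = digest.hex().upper()
    return " ".join(hexstr[i:i + 4] for i in range(0, len(hexstr), 4))

def fingerprints(cert_bytes: bytes) -> dict:
    """MD5 and SHA1 fingerprints (assumption: hash over the DER encoding)."""
    der = to_der(cert_bytes)
    return {"MD5": device_format(hashlib.md5(der).digest()),
            "SHA1": device_format(hashlib.sha1(der).digest())}

def normalise(fp: str) -> str:
    """Drop spaces, colons and case so pasted hex values compare cleanly."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()

def matches_device(cert_bytes: bytes, shown_sha1: str) -> bool:
    """True only if the SHA1 value shown at the prompt matches the trusted copy."""
    expected = normalise(fingerprints(cert_bytes)["SHA1"])
    shown = normalise(shown_sha1)
    return len(shown) == 40 and hmac.compare_digest(expected, shown)

if __name__ == "__main__":
    # Constructed stand-in bytes, NOT a real certificate. In practice use
    # open(path, "rb").read() on the copy received from the CA administrator.
    trusted_copy = b"abc"
    shown = "77F9 A077 2FB8 088C 550B A33C 2410 D354 23B2 73A8"  # SHA1 line above
    print(fingerprints(trusted_copy))
    print("answer Y" if matches_device(trusted_copy, shown)
          else "answer N: fingerprint mismatch")
```

Paste only the hexadecimal value, without the "SHA1 fingerprint:" label; anything that does not reduce to exactly 40 hex digits is treated as a mismatch.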
