Configuration guidelines – H3C Technologies H3C SecPath F1000-E User Manual
Page 337
325
•
Specify the CRL distribution URL.
•
Re-configure the LDAP version.
Configuration guidelines
When you configure PKI, note the following guidelines:
•
Make sure the clocks of entities and the CA are synchronous. Otherwise, the validity period of
certificates will be abnormal.
•
The Windows 2000 CA server has some restrictions on the data length of a certificate request. If the
PKI entity identity information in a certificate request goes beyond a certain limit, the server will not
respond to the certificate request.
•
The SCEP add-on is required when you use the Windows Server as the CA. In this case, specify RA
as the authority for certificate request when you configure the PKI domain.
•
The SCEP add-on is not required when you use the RSA Keon software as the CA. In this case,
specify CA as the authority for certificate request when you configure the PKI domain.