Creating a pki entity – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

453

Step Remarks

2. Creating a PKI domain

Required.
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity needs to be configured with some

enrollment information, which is referred to as a PKI domain.
A PKI domain is intended only for convenience of reference by other
applications like IKE and SSL, and has only local significance.

3. Destroying the RSA key

pair

Optional.
If the certificate to be retrieved contains an RSA key pair, you must destroy the
existing RSA key pair. Otherwise, the certificate cannot be retrieved.

Destroying the existing RSA key pair also destroys the corresponding local

certificate.

4. Retrieving and

displaying a certificate

Optional.
Retrieve an existing certificate and display its contents.

IMPORTANT:

•

Before retrieving a local certificate in online mode, be sure to complete

LDAP server configuration.

•

If a CA certificate already exists, you cannot retrieve another CA certificate.

This restriction avoids inconsistency between the certificate and registration

information due to related configuration changes. To retrieve a new CA
certificate, remove the existing CA certificate and local certificate first.

5. Retrieving and

displaying a CRL

Optional.
Retrieve a CRL and display its contents.

Creating a PKI entity

1.

Select Authentication > Certificate Management from the navigation tree.
The PKI entity list page is displayed by default.

Figure 479 PKI entity list

2.

Click Add to enter the PKI entity configuration page.