Importing root and server certificates to uam – H3C Technologies H3C Intelligent Management Center User Manual

404

{

Private key is included in client certificate file—Specify whether or not the client certificate file

includes the private key. If you do not select this option, you must select the private key file for the
client certificate.

{

Private Key File of Client Certificate—Click Browse to select a private key file for the client
certificate. This parameter is displayed only when the Private key is included in client certificate

file box is not selected.

{

Client Certificate Key Password—Enter the password for the client private key. This password
was configured when the client certificate was exported.

5.

Click OK. The verification result is displayed for each certificate. If the verification fails, the page
displays the failure reasons.

Importing root and server certificates to UAM

When you import root and server certificates to UAM, use the following guidelines:

•

UAM supports the following root and server certificate file formats:

{

pem—Base64 encoded, using the PEM or CER format.

{

der—Distinguished Encoding Rules encoded, using the DER or CER format.

{

pkcs12—Public-Key Cryptography Standards # 12 encoded, using the PFX or P12 format.

•

If the server certificate file is a .pfx file, you cannot use a .pvk file as the private key file. If the private
key is stored in the certificate, the certificate cannot be a .der file.

To import root and server certificates:

1.

Click the User tab.

2.

Select User Access Policy > Service Parameters > Certificate from the navigation tree.

3.

Click the Configure icon for EAP Certificate Configuration.
The page for configuring the root certificate appears.

4.

Click Browse for the Root Certificate File field to select a local root certificate file.

5.

Click Next.
The page for configuring the CRL appears.

6.

Configure the following parameters in the CRL Configuration area:

{

Enable CRL Periodical Update—If you select the box, the CRL at a specific link is periodically
updated. You can configure the update method, update interval, update time, and link.

{

Update Interval/Update Time—Enter the interval and time at which the CRL is updated. UAM
updates the CRL at the specified time every the interval.

{

Link—Enter the URL of a CRL to be updated, in the format of http://xxx/x.crl.

7.

Click Test to check whether the CRL link is valid.
If the link is invalid, the Connection timed out message appears. If the link is valid, you can
continue the import process.

8.

Click Next.
The page for configuring the server certificate appears.

9.

Configure the following parameters in the Server Certificate Configuration area:

{

Private key is included in certificate file—If you select the box, the server certificate and its
private key are saved in the same file, and the page only displays the Server Certificate File field.

If you do not select the box, the server certificate and its private key are saved in different files,