1-5
Task Remarks
Requesting a
Local Certificate
Required
When requesting a certificate, an entity introduces itself to the CA by providing
its identity information and public key, which will be the major components of
the certificate.
A certificate request can be submitted to a CA in two ways: online and offline.
z In online mode, if the request is granted, the local certificate will be
retrieved to the local system automatically.
z In offline mode, you need to retrieve the local certificate by an out-of-band
means.
If there is already a local certificate, you cannot perform the local certificate
retrieval operation. This is to avoid possible mismatch between the local
certificate and registration information resulting from relevant changes. To
retrieve a new local certificate, you need to remove the CA certificate and local
certificate first.
Destroying the
RSA Key Pair
Optional
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you need to destroy
the existing key pair. Otherwise, the retrieving operation will fail.
Retrieving a
Certificate
Optional
Retrieve an existing certificate.
Retrieving and
Displaying a CRL
Optional
Retrieve a CRL and display its contents.
Requesting a Certificate Automatically
Perform the tasks in Table 1-2 to configure the PKI system to request a certificate automatically.
Table 1-2 Configuration task list for requesting a certificate automatically
Task Remarks
Creating a PKI
Entity
Required
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and an entity, where an entity is the
collection of the identity information of a user. A CA identifies a certificate
applicant by entity.
The identity settings of an entity must be compliant to the CA certificate issue
policy. Otherwise, the certificate request may be rejected.
Creating a PKI
Domain
Required
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity needs to be configured with some
enrollment information, which is referred to as a PKI domain.
A PKI domain is intended only for convenience of reference by other
applications like SSL, and has only local significance.
Destroying the
RSA Key Pair
Optional
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you need to destroy
the existing key pair. Otherwise, the retrieving operation will fail.
To Next Page
Loading...
