1222 CHAPTER 97: PKI CONFIGURATION
4 The RA receives the certificate from the CA, publishes it to the LDAP server so that other entities can look it up in the directory, and notifies the entity that the certificate has been issued.
5 The entity retrieves the certificate. With the certificate, the entity can communicate securely with other entities using encryption and digital signatures.
6 When the entity needs to revoke its certificate, it sends a revocation request to the CA. The CA approves the request, updates the CRL and publishes the updated CRL to the LDAP server.
PKI Configuration Task List
Complete the following tasks to configure PKI:

Task                                                           Remarks
“Configuring an Entity DN” on page 1222                        Required
“Configuring a PKI Domain” on page 1223                        Required
“Submitting a Certificate Request in Auto Mode” on page 1225   Required; use either approach
“Submitting a Certificate Request in Manual Mode” on page 1225
“Retrieving a Certificate Manually” on page 1226               Optional
“Configuring PKI Certificate Validation” on page 1227          Optional
“Destroying a Local RSA Key Pair” on page 1228                 Optional
“Deleting a Certificate” on page 1229                          Optional
“Configuring an Access Control Policy” on page 1229            Optional

Configuring an Entity DN
A certificate binds a public key to the identity information of an entity, and that identity information is expressed as an entity distinguished name (DN). A CA uniquely identifies a certificate applicant by its entity DN.
An entity DN is defined by these parameters:
■ Common name of the entity.
■ Country code of the entity, a standard two-letter code (ISO 3166). For example, CN represents China and US represents the United States of America.
■ Fully qualified domain name (FQDN) of the entity, a unique identifier of an entity on the network. It consists of a host name and a domain name and can be resolved to an IP address. For example, www.whatever.com is an FQDN, where www is the host name and whatever.com the domain name.
■ IP address of the entity.
■ Locality where the entity resides.
■ Organization to which the entity belongs.
■ Unit of the entity in the organization.
■ State where the entity resides.
Note: The configuration of an entity DN must comply with the certificate issuing policy of the CA. Determine, for example, which entity DN parameters the CA treats as mandatory and which as optional; otherwise the certificate request may be rejected.
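The entity DN parameters listed above, and the note that they must match the CA issuing policy, are illustrated by the following Python script. It is an added example for this page, not the device's configuration commands or any vendor code: it models the eight parameters, renders the identity attributes as an RFC 4514 subject string (escaping special characters, which the manual does not discuss), places the FQDN and IP address into subjectAltName entries as CAs expect today, and refuses to prepare a request when a value is malformed or a parameter the policy marks mandatory is unset. The class and function names, the sample entity and the policy set are this example's own constructions.

```python
# Added example (stdlib only): model the entity DN parameters above, render
# them as an RFC 4514 subject plus subjectAltName entries, and check them
# against a CA issuing policy. Names and sample values are this example's own.
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# X.500 attribute type for each DN parameter, most specific first. The FQDN and
# IP address are not DN attributes; they go into subjectAltName instead.
ATTR_TYPES = {"common_name": "CN", "organization_unit": "OU", "organization": "O",
              "locality": "L", "state": "ST", "country": "C"}

# Labels of 1-63 alphanumerics/hyphens (no leading or trailing hyphen), whole
# name at most 253 characters, ending in an alphabetic top-level label.
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


@dataclass
class EntityDN:
    """One field per parameter in the list above; None means not configured."""
    common_name: Optional[str] = None
    country: Optional[str] = None
    fqdn: Optional[str] = None
    ip: Optional[str] = None
    locality: Optional[str] = None
    organization: Optional[str] = None
    organization_unit: Optional[str] = None
    state: Optional[str] = None


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value per RFC 4514 section 2.4."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def subject_string(entity: EntityDN) -> str:
    """RFC 4514 string form of the subject DN (unset parameters are omitted)."""
    return ",".join(f"{attr}={escape_rdn_value(getattr(entity, name))}"
                    for name, attr in ATTR_TYPES.items() if getattr(entity, name))


def subject_alt_names(entity: EntityDN) -> List[str]:
    """subjectAltName entries for the FQDN and IP address, if configured."""
    sans = []
    if entity.fqdn:
        sans.append(f"DNS:{entity.fqdn}")
    if entity.ip:
        sans.append(f"IP:{entity.ip}")
    return sans


def validate_entity(entity: EntityDN) -> List[str]:
    """Syntax checks a CA applies to the configured values; empty list means ok."""
    problems = []
    if entity.country is not None and not re.fullmatch(r"[A-Z]{2}", entity.country):
        problems.append("country: must be a 2-letter code such as CN or US")
    if entity.fqdn is not None and not _FQDN_RE.match(entity.fqdn):
        problems.append("fqdn: not a valid fully qualified domain name")
    if entity.ip is not None:
        try:
            ipaddress.ip_address(entity.ip)
        except ValueError:
            problems.append("ip: not a valid IPv4 or IPv6 address")
    return problems


def check_policy(entity: EntityDN, mandatory: Iterable[str]) -> List[str]:
    """Parameters the CA policy marks mandatory that the entity leaves unset."""
    return [name for name in mandatory if not getattr(entity, name)]


def prepare_request(entity: EntityDN, mandatory: Iterable[str]) -> Tuple[str, List[str]]:
    """Subject and SANs for the request, or ValueError if the CA would reject it."""
    problems = validate_entity(entity) + [
        f"{name}: required by the CA issuing policy" for name in check_policy(entity, mandatory)]
    if problems:
        raise ValueError("; ".join(problems))
    return subject_string(entity), subject_alt_names(entity)


# Constructed sample entity and a constructed CA policy (CN and C mandatory).
SAMPLE = EntityDN(common_name="router1", country="US", fqdn="www.whatever.com",
                  ip="192.0.2.10", locality="Austin", organization="Whatever, Inc.",
                  organization_unit="Network Ops", state="Texas")
POLICY_MANDATORY = ("common_name", "country")

if __name__ == "__main__":
    print(prepare_request(SAMPLE, POLICY_MANDATORY))
    try:  # lowercase 3-letter country code: caught before any request is sent
        prepare_request(EntityDN(common_name="router2", country="usa"), POLICY_MANDATORY)
    except ValueError as err:
        print("rejected:", err)
```

Running the script prints the subject `CN=router1,OU=Network Ops,O=Whatever\, Inc.,L=Austin,ST=Texas,C=US` with the SANs `DNS:www.whatever.com` and `IP:192.0.2.10`, then shows the second entity being refused locally. The same kind of check is worth running against whatever the real CA's policy says before submitting a request in auto or manual mode, because a rejected request only tells you that something in the DN was wrong, not which parameter.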