Follow these steps to configure an entity DN:
Note:
■ Currently, up to two entities can be created on a device.
■ Windows 2000 CA server has some restrictions on the data length of a
certificate request. If the entity DN in a certificate request goes beyond a
certain limit, the server does not respond to the certificate request.
Configuring a PKI Domain
Before requesting a PKI certificate, an entity needs to be configured with some
enrollment information, which is referred to as a PKI domain. A PKI domain is
intended only for convenience of reference by other applications, and has only
local significance.
A PKI domain is defined by these parameters:
■ Trusted CA
An entity requests a certificate from a trusted CA.
■ Entity
A certificate applicant uses an entity to provide its identity information to a CA.
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | - |
| Create an entity and enter its view | pki entity entity-name | Required. No entity exists by default. |
| Configure the common name for the entity | common-name name | Optional. No common name is specified by default. |
| Configure the country code for the entity | country country-code-str | Optional. No country code is specified by default. |
| Configure the FQDN for the entity | fqdn name-str | Optional. No FQDN is specified by default. |
| Configure the IP address for the entity | ip ip-address | Optional. No IP address is specified by default. |
| Configure the locality of the entity | locality locality-name | Optional. No locality is specified by default. |
| Configure the organization name for the entity | organization org-name | Optional. No organization is specified by default. |
| Configure the unit name for the entity | organization-unit org-unit-name | Optional. No unit is specified by default. |
| Configure the state or province for the entity | state state-name | Optional. No state or province is specified by default. |
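
An added example, not from the original guide: a Python pre-check that validates entity parameters before they are entered and renders the command sequence from the table, so that an oversized or malformed DN is caught before the CA silently ignores the request. The per-attribute bounds are the X.520 upper bounds from RFC 5280, `max_total` is an operator-chosen budget (an assumption, since the page does not state the CA's limit), and the entity name and sample values are constructed.

```python
import ipaddress
import re

# X.520 upper bounds from RFC 5280 Appendix A; the device may enforce smaller ones.
UPPER_BOUNDS = {"common-name": 64, "locality": 128, "organization": 64,
                "organization-unit": 64, "state": 128}
# Entity-view commands, in the order the table lists them.
ORDER = ["common-name", "country", "fqdn", "ip", "locality",
         "organization", "organization-unit", "state"]
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN_RE = re.compile(rf"(?=.{{1,253}}$){LABEL}(?:\.{LABEL})+")


def check_entity(fields, max_total=None):
    """Return a list of problems; max_total is an operator-chosen DN budget."""
    problems = []
    for key, value in fields.items():
        if key not in ORDER:
            problems.append(f"{key}: not an entity command")
        elif key == "country" and not re.fullmatch(r"[A-Za-z]{2}", value):
            problems.append("country: expected a two-letter code")
        elif key == "fqdn" and not FQDN_RE.fullmatch(value):
            problems.append(f"fqdn: {value!r} is not a valid FQDN")
        elif key == "ip":
            try:
                ipaddress.ip_address(value)
            except ValueError:
                problems.append(f"ip: {value!r} is not a valid address")
        elif key in UPPER_BOUNDS and len(value) > UPPER_BOUNDS[key]:
            problems.append(f"{key}: {len(value)} chars, limit {UPPER_BOUNDS[key]}")
    total = sum(len(v) for v in fields.values())
    if max_total is not None and total > max_total:
        problems.append(f"total identity data {total} chars, budget {max_total}")
    return problems


def render_commands(entity_name, fields, max_total=None):
    """Return the command lines for a clean entity, or raise ValueError."""
    problems = check_entity(fields, max_total)
    if problems:
        raise ValueError("; ".join(problems))
    return ["system-view", f"pki entity {entity_name}"] + [
        f"{key} {fields[key]}" for key in ORDER if key in fields]


# Constructed sample values, not taken from the page.
SAMPLE = {"common-name": "branch-gw1", "country": "US",
          "fqdn": "branch-gw1.example.com", "ip": "192.0.2.10",
          "organization": "Example Corp"}
```

Calling `render_commands("en1", SAMPLE, max_total=128)` returns the lines to enter in order; a failed check raises `ValueError` listing every problem found.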