1230 CHAPTER 97: PKI CONFIGURATION
PKI Configuration Examples
CAUTION:
■ The SCEP plug-in is required when you use the Windows Server as the CA. In 
this case, when configuring the PKI domain, you need to use the certificate 
request from ra command to specify that the entity requests a certificate 
from an RA.
■ The SCEP plug-in is not required when RSA Keon is used. In this case, when 
configuring a PKI domain, you need to use the certificate request from ca 
command to specify that the entity requests a certificate from a CA.
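The two cases in the caution above, side by side, as an added configuration sketch (not taken from the original guide). The entity name, domain names, Windows CA identifier and all URLs are placeholders, and every command other than certificate request from and display pki crl domain is assumed from the Comware PKI command set rather than shown on this page.

```text
# Added example. Placeholder names and URLs; not values from this guide.
system-view
pki entity entity-placeholder
 common-name switch-placeholder
 quit
# Case 1: Windows Server CA with the SCEP plug-in. The request goes to the RA.
pki domain domain-windows
 ca identifier ca-placeholder
 certificate request url http://ca.example.invalid/placeholder-scep-path
 certificate request from ra
 certificate request entity entity-placeholder
 quit
# Case 2: RSA Keon CA (named myca in this chapter). The request goes to the CA.
pki domain domain-keon
 ca identifier myca
 certificate request url http://ca.example.invalid/placeholder-enrollment-path
 certificate request from ca
 certificate request entity entity-placeholder
 crl url http://ca.example.invalid/placeholder.crl
 quit
# Generate the key pair, fetch the CA certificate and CRLs, then request
# the local certificate for the RSA Keon domain.
public-key local create rsa
pki retrieval-certificate ca domain domain-keon
pki retrieval-crl domain domain-keon
pki request-certificate domain domain-keon
# Check that CRLs are present before relying on certificate validation.
display pki crl domain domain-keon
```

If display pki crl domain shows no CRL for the domain, revocation cannot be checked, so verify the CRL URL before trusting peer certificates validated in that domain.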
Configuring a PKI Entity to Request a Certificate from a CA
RSA Keon is used on the CA server in this configuration example.
Network requirements
■ The device submits a local certificate request to the CA server.
■ The device acquires the CRLs for certificate validation.
Network diagram
Figure 361   Diagram for configuring a PKI entity to request a certificate from a CA
 
Configuration procedure
On the CA server, complete the following configurations:
1 Create a CA server named myca
In this example, you need to configure these basic attributes on the CA server first:

To do…  Use the command…  Remarks
Display CRLs  display pki crl domain domain-name  Available in any view
Display information about one or all certificate attribute groups  display pki certificate attribute-group { group-name | all }  Available in any view
Display information about one or all certificate attribute-based access control policies  display pki certificate access-control-policy { policy-name | all }  Available in any view

Figure 361 labels: CA server, Internet, Host, Switch, PKI entity