
GE MDS ORBIT ECR - Obtaining a New Certificate; Renewing an Existing Certificate

GE MDS ORBIT ECR
463 pages
MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 379
the “Subject” portion of an X.509 certificate must be configured. Some fields may be fixed/required by
the specific SCEP server.
The CA fingerprint on the MCR should contain only alphanumeric characters, without spaces or
separators (e.g., commas or colons).
> set pki cert-info certificate-info predefined_cert_info
Possible completions:
common-name-x509 -
country-x509 -
locale-x509 -
org-unit-x509 -
organization-x509 -
pkcs9-email-x509 -
state-x509 -
The parameters entered for the client certificate information must again be obtained from the
System Administration or Security personnel. The common name is always required. Other
parameters may be required.
Here is an example:
> set pki cert-info certificate-info predefined_cert_info organization-x509 GE MDS LLC org-unit-x509 Engineering common-name-x509 00102200000102030411223344556670
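The fingerprint note above means a value copied from a tool such as `openssl x509 -noout -fingerprint`, which prints colon-separated bytes, has to be stripped before it is entered. The shell function below is an added example, not from the manual; it assumes the fingerprint is a hex digest (the page does not say which digest the SCEP server uses), and the sample value is constructed.

```shell
#!/bin/sh
# Added example (not from the manual): normalize a CA certificate fingerprint
# to the bare form the note above calls for (no spaces, colons or commas).
# Assumption: the fingerprint is a hex digest; accepted lengths are those of
# MD5, SHA-1, SHA-256 and SHA-512.

normalize_fp() {
    _fp=$1
    # Drop an "<alg> Fingerprint=" prefix, as printed by `openssl x509 -noout -fingerprint`.
    case $_fp in
        *=*) _fp=${_fp#*=} ;;
    esac
    # Strip whitespace and common separators, then upper-case for stable comparison.
    _fp=$(printf '%s' "$_fp" | tr -d ' \t\r\n:,.-' | tr 'abcdef' 'ABCDEF')
    # Anything left that is not a hex digit means the value was mistyped or is not a digest.
    case $_fp in
        ''|*[!0123456789ABCDEF]*)
            echo "normalize_fp: not a hex fingerprint" >&2
            return 1 ;;
    esac
    # A truncated copy/paste shows up as an unexpected length.
    case ${#_fp} in
        32|40|64|128) ;;
        *)
            echo "normalize_fp: unexpected length ${#_fp}" >&2
            return 1 ;;
    esac
    printf '%s\n' "$_fp"
}

# Constructed sample in OpenSSL's colon-separated output format.
SAMPLE_FP='MD5 Fingerprint=0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9'
normalize_fp "$SAMPLE_FP"
```

Compare the normalized value against the fingerprint supplied out of band by the CA administrator before configuring it on the unit.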
Obtaining a New Certificate
To obtain a new client certificate from a SCEP server, the first step is to request the CA certificate from
the SCEP server.
> request pki ca-certs import cert-identity scep_ca_cert scep {
ca-issuer-identity predefined_ca_server cert-server-identity predefined_cert_server }
The next step is to request the new client certificate from the SCEP server.
> request pki client-certs import cert-identity scep_client_cert scep {
cert-server-identity predefined_cert_server ca-issuer-identity predefined_ca_server
cert-info-identity predefined_cert_info ca-cert-identity scep_ca_cert
private-key-identity imported_key_2048 ca-challenge 36DE2A1E53BECF9AE5BB3E0B12D4C85E }
Renewing an Existing Certificate
At some point, the certificate will need to be renewed due to time or security policy. A client
certificate can be renewed using the existing certificate with the same key that was originally used when it was
generated. An alternative is to provide a new key and identity for the certificate that is to be renewed and
rekeyed.
The following example shows how to renew an existing client certificate from the SCEP server:
> request pki client-certs import cert-identity renewed_scep_client_cert scep {
cert-server-identity predefined_cert_server ca-issuer-identity predefined_ca_server
cert-info-identity predefined_cert_info ca-cert-identity scep_ca_cert
private-key-identity imported_key_2048 existing-cert-identity scep_client_cert
existing-private-key-identity imported_key_2048 }
