Step    Remarks
2.  Creating a PKI domain 
Required. 
Create a PKI domain, setting the certificate request mode to Auto. 
Before requesting a PKI certificate, an entity needs to be configured with 
some enrollment information, which is referred to as a PKI domain. 
A PKI domain is intended only for convenience of reference by other 
applications like IKE and SSL, and has only local significance.
 
3.  Destroying the RSA key pair 
Optional. 
If the certificate to be retrieved contains an RSA key pair, you must 
destroy the existing RSA key pair. Otherwise, the certificate cannot be 
retrieved. Destroying the existing RSA key pair also destroys the 
corresponding local certificate. 
4.  Retrieving and displaying a certificate 
Optional. 
Retrieve an existing certificate and display its contents. 
 IMPORTANT: 
•  Before retrieving a local certificate in online mode, be sure to 
complete LDAP server configuration. 
•  If a CA certificate already exists, you cannot retrieve another CA 
certificate. This restriction avoids inconsistency between the 
certificate and registration information due to related configuration 
changes. To retrieve a new CA certificate, remove the existing CA 
certificate and local certificate first. 
5.  Retrieving and displaying a CRL 
Optional. 
Retrieve a CRL and display its contents.
 
 
Creating a PKI entity 
1.  Select Authentication > Certificate Management from the navigation tree.  
The PKI entity list page is displayed by default.  
Figure 234 PKI entity list 
 
 
2.  Click Add on the page to enter the PKI entity configuration page.