223
4. The RA receives the certificate from the CA, sends it to the LDAP server to provide directory
navigation service, and notifies the entity that the certificate is successfully issued.
5. The entity retrieves the certificate. With the certificate, the entity can communicate with other
entities safely through encryption and digital signature.
6. The entity makes a request to the CA when it needs to revoke its certificate, and the CA approves
the request, updates the CRLs and publishes the CRLs on the LDAP server.
PKI configuration task list
Complete the following tasks to configure PKI:
Task Remarks
Configuring an entity DN Required
Configuring a PKI domain Required
Submitting a PKI certificate request
Submitting a certificate request in auto
mode
Required
Use either approach
Submitting a certificate request in
manual mode
Retrieving a certificate manually Optional
Configuring PKI certificate verification Optional
Destroying a local RSA key pair Optional
Deleting a certificate Optional
Configuring an access control policy Optional
Configuring an entity DN
A certificate is the binding of a public key and the identity information of an entity, where the identity
information is identified by an entity distinguished name (DN). A CA identifies a certificate applicant
uniquely by entity DN.
An entity DN is defined by these parameters:
• Common name of the entity.
• Country code of the entity, a standard 2-character code. For example, CN represents China and US
represents the United States.
• Fully qualified domain name (FQDN) of the entity, a unique identifier of an entity on the network.
It consists of a host name and a domain name and can be resolved to an IP address. For example,
www.whatever.com is an FQDN, where www is a host name and whatever.com a domain name.
• IP address of the entity.
• Locality where the entity resides.
• Organization to which the entity belongs.
• Unit of the entity in the organization.
• State where the entity resides.
To Next Page
Loading...
