NOTE:
The configuration of an entity DN must comply with the CA certificate issue policy. You need to determine,
for example, which entity DN parameters are mandatory and which are optional. Otherwise, certificate
requests might be rejected.
Follow these steps to configure an entity DN:
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Create an entity and enter its view | pki entity entity-name | Required. No entity exists by default. |
| Configure the common name for the entity | common-name name | Optional. No common name is specified by default. |
| Configure the country code for the entity | country country-code-str | Optional. No country code is specified by default. |
| Configure the FQDN for the entity | fqdn name-str | Optional. No FQDN is specified by default. |
| Configure the IP address for the entity | ip ip-address | Optional. No IP address is specified by default. |
| Configure the locality for the entity | locality locality-name | Optional. No locality is specified by default. |
| Configure the organization name for the entity | organization org-name | Optional. No organization is specified by default. |
| Configure the unit name for the entity | organization-unit org-unit-name | Optional. No unit is specified by default. |
| Configure the state or province for the entity | state state-name | Optional. No state or province is specified by default. |
NOTE:
• Up to two entities can be created on a device.
• The Windows 2000 CA server has some restrictions on the data length of a certificate request. If the
entity DN in a certificate request goes beyond a certain limit, the server will not respond to the certificate
request.
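The following added example (not part of the original guide) checks a planned entity DN against a CA issue policy before it is typed into the device, then emits the command sequence from the table above. The policy contents, the length limit, the IPv4-only check and all sample values are assumptions made for illustration; take the real requirements from your CA.

```python
import ipaddress
import re

# Attribute keywords, in the order the table above lists the commands.
ATTRS = ("common-name", "country", "fqdn", "ip", "locality",
         "organization", "organization-unit", "state")

# Hypothetical CA issue policy (assumption): mandatory attributes and a
# constructed cap on total DN value length. Real limits depend on the CA.
POLICY = {"mandatory": {"common-name", "country", "organization"},
          "max_total_len": 128}

# Constructed sample entity; values avoid spaces to keep the commands simple.
SAMPLE = {"common-name": "switch01", "country": "US",
          "organization": "ExampleCorp", "fqdn": "switch01.example.com",
          "ip": "192.0.2.10"}

FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def check_entity(entity, policy=POLICY):
    """Return a list of problems; an empty list means the DN passes the policy."""
    problems = [f"unknown attribute: {a}" for a in sorted(set(entity) - set(ATTRS))]
    problems += [f"missing mandatory attribute: {a}"
                 for a in sorted(policy["mandatory"] - set(entity))]
    # X.520 countryName is a two-letter country code.
    if "country" in entity and not re.fullmatch(r"[A-Za-z]{2}", entity["country"]):
        problems.append("country must be a two-letter code")
    if "fqdn" in entity and not FQDN_RE.match(entity["fqdn"]):
        problems.append("fqdn is not a valid host name")
    if "ip" in entity:
        try:
            ipaddress.IPv4Address(entity["ip"])  # assumption: IPv4 address
        except ValueError:
            problems.append("ip is not a valid IPv4 address")
    total = sum(len(v) for v in entity.values())
    if total > policy["max_total_len"]:
        problems.append(f"DN values total {total} characters, over the policy limit")
    return problems

def render_commands(name, entity, policy=POLICY):
    """Emit the table's command sequence, refusing a DN that fails the policy."""
    problems = check_entity(entity, policy)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["system-view", f"pki entity {name}"]
    return lines + [f"{a} {entity[a]}" for a in ATTRS if a in entity]

if __name__ == "__main__":
    print("\n".join(render_commands("en1", SAMPLE)))
```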
Configuring a PKI domain
Before requesting a PKI certificate, an entity needs to be configured with some enrollment information,
which is referred to as a PKI domain. A PKI domain is intended only for convenience of reference by other