tion
Requesting URL
Enter the URL of the RA.
The entity will submit the certificate request to the server at this URL through the SCEP
protocol. The SCEP protocol is intended for communication between an entity and an
authentication authority.
In offline mode, this item is optional. In other modes, this item is required.
IMPORTANT:
This item does not support domain name resolution.
LDAP IP
Port
Version
Enter the IP address, port number, and version of the LDAP server.
In a PKI system, deploying an LDAP server solves an issue with the storage of certificates
and CRLs.
Request Mode
Select the online certificate request mode: auto or manual.
Hash
Fingerprint
Specify the fingerprint used for verifying the CA root certificate.
After receiving the root certificate of the CA, an entity needs to verify the fingerprint of the
root certificate, which is the hash value of the root certificate content. This hash value is
unique to every certificate. If the fingerprint of the root certificate does not match the
fingerprint configured for the PKI domain, the entity will reject the root certificate.
• If you specify MD5 as the hash algorithm, enter an MD5 fingerprint. The fingerprint
must be a string of 32 characters in hexadecimal notation.
• If you specify SHA1 as the hash algorithm, enter an SHA1 fingerprint. The fingerprint
must be a string of 40 characters in hexadecimal notation.
• If you do not specify the fingerprint hash, do not enter any fingerprint. The entity will
not verify the CA root certificate, and you must use a trusted CA server.
IMPORTANT:
The fingerprint must be configured if you specify the certificate request mode as Auto. If you
specify the certificate request mode as Manual, you can leave the fingerprint settings null. If
you do not configure the fingerprint, the entity will not verify the CA root certificate and you
yourself must make sure the CA server is trusted.
Polling Count
Polling Interval
Set the polling interval and attempt limit for querying the certificate request status.
If an entity makes a certificate request in manual mode, the CA might require a lengthy
period of time to verify the request and sign the certificate. During this waiting period, the
applicant should query the status of the request periodically to obtain the certificate as
soon as possible after the certificate is signed.
Enable CRL
Checking
Select this box to specify that CRL checking is required during certificate verification.
CRL Update Period
Enter the CRL update period, which is the interval at which the PKI entity downloads the
latest CRLs.
This item is available after you click the Enable CRL Checking box.
By default, the CRL update period depends on the next update field in the CRL file.
To Next Page
Loading...
Need help?
General