244
Task Remarks
Retrieving a certificate manually
Optional.
Verifying PKI certificates
Optional.
Destroying the local RSA key pair
Optional.
Deleting a certificate
Optional.
Configuring a certificate access control policy
Optional.
Configuring an entity DN
A certificate is the binding of a public key and the identity information of an entity, where the identity
information is identified by an entity distinguished name (DN). A CA identifies a certificate applicant
uniquely by entity DN.
An entity DN is defined by these parameters:
• Common name of the entity.
• Country code of the entity, a standard 2-character code. For example, CN represents China and
US represents the United States.
• FQDN of the entity, a unique identifier of an entity on the network. It consists of a host name and
a domain name and can be resolved to an IP address. For example, www.whatever.com is an
FQDN, where www is a host name and whatever.com a domain name.
• Device serial number.
• IP address of the entity.
• Locality where the entity resides.
• Organization to which the entity belongs.
• Unit of the entity in the organization.
• State where the entity resides.
The configuration of an entity DN must comply with the CA certificate issue policy. You need to
determine, for example, which entity DN parameters are mandatory and which are optional.
Otherwise, certificate requests might be rejected.
To configure an entity DN:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Create an entity and enter its
view.
pki entity
entity-name
No entity exists by default.
You can create up to two entities
on a device.
3. Configure the common
name for the entity.
common-name
name
Optional.
No common name is specified by
default.
4. Configure the country code
for the entity.
country
country-code-str
Optional.
No country code is specified by
default.
5. Configure the FQDN for the
entity.
fqdn
name-str
Optional.
No FQDN is specified by default.
To Next Page
Loading...
Need help?
General
