389
Figure 133 Network diagram
Configuration considerations
To meet the network requirements, perform the following tasks:
• Configure Device to work as the HTTPS server and request a certificate for Device.
• Request a certificate for Host so that Device can authenticate the identity of Host.
• Configure a CA server to issue certificates to Device and Host.
Configuration procedure
Before performing the following tasks, make sure Device, Host, and the CA server can reach each
other.
1. Configure the HTTPS server on Device:
# Create a PKI entity named en, and configure the common name as http-server1 and the
FQDN as ssl.security.com.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
# Create PKI domain 1, specify the trusted CA as CA server, the URL of the registration server
as http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and
the entity for certificate request as en.
[Device] pki domain 1
[Device-pki-domain-1] ca identifier ca server
[Device-pki-domain-1] certificate request url
http://10.1.2.2/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
[Device-pki-domain-1] quit
# Create the local RSA key pairs.
[Device] public-key local create rsa
# Retrieve the CA certificate.
[Device] pki retrieval-certificate ca domain 1
# Request a local certificate for Device.
[Device] pki request-certificate domain 1
# Create an SSL server policy named myssl.
[Device] ssl server-policy myssl
# Specify the PKI domain for the SSL server policy as 1.
[Device-ssl-server-policy-myssl] pki-domain 1
To Next Page
Loading...
Need help?
General
