95
Step Remarks
5. Requesting a local
certificate
Required.
When requesting a certificate, an entity introduces itself to the CA by
providing its identity information and public key, which will be the major
components of the certificate.
A certificate request can be submitted to a CA in online mode or offline
mode.
• In online mode, if the request is granted, the local certificate will be
retrieved to the local system automatically.
• In offline mode, you must retrieve the local certificate by an
out-of-band means.
IMPORTANT:
If a local certificate already exists, you cannot perform the local certificate
retrieval operation. This restriction avoids inconsistency between the
certificate and the registration information due to configuration changes.
To retrieve a new local certificate, you must remove the CA certificate and
local certificate first.
6. Destroying the RSA key pair
Optional.
If the certificate to be retrieved contains an RSA key pair, you must
destroy the existing RSA key pair. Otherwise, you cannot retrieve the
certificate. Destroying the existing RSA key pair also destroys the
corresponding local certificate.
7. Retrieving and displaying a
certificate
Required if you request a certificate in offline mode.
Retrieve an existing certificate and display its contents.
IMPORTANT:
• If you request a certificate in offline mode, you must retrieve the CA
certificate and local certificate by an out-of-band means.
• Before retrieving a local certificate in online mode, be sure to
complete LDAP server configuration.
8. Retrieving and displaying a
CRL
Optional.
Retrieve a CRL and display its contents.
Recommended configuration procedure for automatic
request
Task Remarks
1. Creating a PKI entity
Required.
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and the identity information of an
entity, where the DN shows the identity information of the entity. A CA
identifies a certificate applicant uniquely by an entity DN.
The DN settings of an entity must be compliant to the CA certificate issue
policy. Otherwise, the certificate request might be rejected. You must
know the policy to determine which entity parameters are mandatory or
optional.
To Next Page
Loading...
Need help?
General
