Task Remarks
2. Creating a PKI domain
Required.
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity needs to be configured with
some enrollment information, which is called a PKI domain.
A PKI domain is intended only for convenience of reference by other
applications like IKE and SSL, and has only local significance.
3. Destroying the RSA key pair
Optional.
If the certificate to be retrieved contains an RSA key pair, you must
destroy the existing RSA key pair. Otherwise, the certificate cannot be
retrieved. Destroying the existing RSA key pair also destroys the
corresponding local certificate.
4. Retrieving and displaying a certificate
Optional.
Retrieve an existing certificate and display its contents.
IMPORTANT:
• Before retrieving a local certificate in online mode, be sure to
complete LDAP server configuration.
• If a CA certificate already exists, you cannot retrieve another CA
certificate. This restriction avoids inconsistency between the
certificate and the registration information due to configuration
changes. To retrieve a new CA certificate, remove the existing CA
certificate and local certificate first.
5. Retrieving and displaying a CRL
Optional.
Retrieve a CRL and display its contents.
Creating a PKI entity
1. From the navigation tree, select Certificate Management > Entity.
Figure 472 PKI entities
2. Click Add.