R0106-HP MSR Router Series Security Configuration Guide(V7)
Figure 71 Network diagram
Configuring the CA server
In this example, a Windows 2003 server acts as the CA server. For information about how to configure
such a server, see "Certificate request from a Windows 2003 CA server."
Configuring Device A
# Configure a PKI entity.
<DeviceA> system-view
[DeviceA] pki entity en
[DeviceA-pki-entity-en] ip 2.2.2.1
[DeviceA-pki-entity-en] common-name devicea
[DeviceA-pki-entity-en] quit
# Configure a PKI domain.
[DeviceA] pki domain 1
[DeviceA-pki-domain-1] ca identifier CA1
[DeviceA-pki-domain-1] certificate request url http://1.1.1.100/certsrv/mscep/mscep.dll
[DeviceA-pki-domain-1] certificate request entity en
[DeviceA-pki-domain-1] ldap-server host 1.1.1.102
# Specify the RA to accept certificate requests.
[DeviceA-pki-domain-1] certificate request from ra
# Specify the RSA key pair with the purpose general, the name abc, and the length 1024 bits.
[DeviceA-pki-domain-1] public-key rsa general name abc length 1024
[DeviceA-pki-domain-1] quit
# Generate a local RSA key pair.
[DeviceA] public-key local create rsa name abc
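A consistency check over the commands above, added here as an example and not taken from the HP guide: it confirms that the entity and RSA key pair named inside the PKI domain are actually defined, and reports the configured key length against a minimum. The function name `audit_pki`, the 2048-bit threshold `MIN_RSA_BITS`, and the prompt-stripped sample text are assumptions made for this example.

```python
import re

# Constructed sample: the commands from the procedure above, prompts removed.
SAMPLE_CONFIG = """\
pki entity en
 ip 2.2.2.1
 common-name devicea
pki domain 1
 ca identifier CA1
 certificate request url http://1.1.1.100/certsrv/mscep/mscep.dll
 certificate request entity en
 ldap-server host 1.1.1.102
 certificate request from ra
 public-key rsa general name abc length 1024
public-key local create rsa name abc
"""

MIN_RSA_BITS = 2048  # assumed local policy threshold, not a value from the guide


def audit_pki(config, min_bits=MIN_RSA_BITS):
    """Cross-check PKI entity, domain and key-pair commands; return findings."""
    entities, created, domains, cur = set(), set(), {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"pki entity (\S+)", line):
            entities.add(m[1])
            cur = None
        elif m := re.fullmatch(r"pki domain (\S+)", line):
            cur = domains.setdefault(m[1], {})
        elif m := re.fullmatch(r"public-key local create rsa name (\S+)", line):
            created.add(m[1])
            cur = None
        elif cur is not None:  # sub-commands of the current PKI domain
            if m := re.fullmatch(r"certificate request entity (\S+)", line):
                cur["entity"] = m[1]
            elif m := re.fullmatch(
                    r"public-key rsa general name (\S+)(?: length (\d+))?", line):
                cur["key"] = m[1]
                cur["bits"] = int(m[2]) if m[2] else None
    findings = []
    for name, d in domains.items():
        if d.get("entity") not in entities:
            findings.append(f"domain {name}: entity {d.get('entity')!r} is not defined")
        if d.get("key") not in created:
            findings.append(f"domain {name}: no 'public-key local create' for key {d.get('key')!r}")
        if d.get("bits") is not None and d["bits"] < min_bits:
            findings.append(f"domain {name}: RSA length {d['bits']} is below {min_bits}")
    return findings
```

Run against the sample, the only finding is the 1024-bit key length; the entity and key-pair names resolve.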