3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

Certificate Request Configuration
non-auto out-of-band (phone, storage disk and e-mail, for example) identity
check may be required in this process. If this process goes smoothly, the CA issues a
certificate to the user and publishes it, along with some public information, on the
LDAP server for directory browsing. The user can then download its own
public-key digital certificate from the notified position, and obtain those of others
through the LDAP server. The request process proceeds with:
Entering PKI domain view
Specifying a trustworthy CA
Configuring servers for certificate request
Configuring entity name space
Creating a local public-private key pair
Setting request polling interval and count
Configuring certificate request mode
Delivering a certificate request manually
Retrieving a certificate
Entering PKI Domain View
A PKI domain manages, in a unified way, a group of PKI users who trust the same
trustworthy third-party organization. That is, it is sufficient for each member to
trust the CA; no trust between the group members is required. This does a lot to
relieve system load and extend the capability of the PKI certificate system.
To configure domain parameters, you must enter the PKI domain view.
Perform the following configuration in system view.

Table 185 Enter PKI domain view
Operation                                                    Command
Enter a designated PKI domain view                           pki domain name
Delete a designated PKI domain and its related information   undo pki domain name

By default, no PKI domain is specified.
Note:
Typically, a device may belong to two or more PKI domains. Then independent
configuration information is required for each domain. Parameter configuration in
PKI domain view is for this purpose. But currently, one device supports only one
PKI domain; therefore, if two PKI domains exist and you want to add a new one,
you need to use the corresponding undo command to delete an existing one first.

Specifying a Trustworthy CA
When a subject applies for a certificate, a trustworthy CA, which provides
guarantees for the subject, registers and issues the certificate. A trustworthy CA is
the base for PKI. Users can enjoy the security services of public key technology
only when a CA trusted by everyone is available.
Perform the following configuration in PKI domain view.