3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

CHAPTER 12: PKI CONFIGURATION
By default, no trustworthy CA is specified.
Note: The set of standards that a CA follows when processing requests, issuing
and revoking certificates, and releasing CRLs is called the CA policy. In general,
a CA publishes its policy in documents called certification practice statements
(CPS). The CA policy can be obtained out of band or by other means. You are
recommended to understand a CA's policy before choosing that CA, because
different CAs may use different methods to authenticate the binding between
public key and subject.
Configuring Servers for Certificate Request
Configuring the entity used to apply for a certificate
When you send a certificate application request to the CA, an entity name must
be specified to indicate your identity.
Perform the following configurations in PKI domain view.
By default, no entity is specified to apply for a certificate.
Note: For more information about entities (entity-name), see “Configuring Entity
Name Space”.
Specifying a registration organization
Registration management is often implemented by an independent registration
authority (RA), which is responsible for handling certificate requests, examining
entity qualification, and determining on behalf of the CA whether or not to issue
the digital certificate. The RA does not issue certificates; that is done by the
CA. The RA only examines the qualification of users. Sometimes no independent RA
is set up. This does not mean that the registration function of the PKI is
disabled, because the CA takes over registration management.
Perform the following configuration in PKI domain view.
By default, no registration organization is specified.
Table 186 Specify trustworthy CA

Operation                      Command
Specify a trustworthy CA       ca identifier name
Delete the trustworthy CA      undo ca identifier

Table 187 Configure the entity used to apply for a certificate

Operation                                                    Command
Configure the entity used to apply for a certificate         certificate request entity entity-name
Cancel the configured entity used to apply for a certificate undo certificate request entity

Table 188 Specify a registration organization

Operation                                                    Command
Choose between CA and RA as the registration organization    certificate request from { ca | ra }
Delete the registration organization                         undo certificate request from
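
The following is an added example, not part of the original guide or of 3Com software: a small Python checker that replays a sequence of the PKI domain view commands from Tables 186 to 188 (including their undo forms) and reports which of the three settings are still at their default, unspecified state. The function names and the sample names "myca" and "entity1" are assumptions made for illustration.

```python
import re

# The PKI domain view commands documented on this page (Tables 186-188).
# Each pattern maps a "set" command to the setting it fills in.
COMMANDS = [
    (re.compile(r"^ca identifier (\S+)$"), "ca_identifier"),
    (re.compile(r"^certificate request entity (\S+)$"), "request_entity"),
    (re.compile(r"^certificate request from (ca|ra)$"), "request_from"),
]
# The matching undo forms return a setting to its default.
UNDO = {
    "undo ca identifier": "ca_identifier",
    "undo certificate request entity": "request_entity",
    "undo certificate request from": "request_from",
}

def apply_commands(lines):
    """Replay PKI domain view commands; return (settings, unrecognized)."""
    # All three settings start unspecified, matching the documented defaults.
    settings = {"ca_identifier": None, "request_entity": None, "request_from": None}
    unrecognized = []
    for raw in lines:
        line = " ".join(raw.split())  # normalise whitespace
        if not line:
            continue
        if line in UNDO:
            settings[UNDO[line]] = None
            continue
        for pattern, key in COMMANDS:
            match = pattern.match(line)
            if match:
                settings[key] = match.group(1)
                break
        else:
            unrecognized.append(line)  # e.g. a value other than ca | ra
    return settings, unrecognized

def still_default(settings):
    """Names of settings that remain at their default (unspecified)."""
    return sorted(k for k, v in settings.items() if v is None)

# Constructed sample session; "myca" and "entity1" are made-up names.
SAMPLE = [
    "ca identifier myca",
    "certificate request entity entity1",
    "certificate request from ra",
    "undo certificate request entity",
    "certificate request from both",  # rejected: only ca or ra is accepted
]
```

Calling apply_commands(SAMPLE) and passing the resulting settings to still_default shows that the entity was cleared again by the undo command and that the last line is not a recognized command.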