3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
192 CHAPTER 12: PKI CONFIGURATION
By default, no fingerprint is configured for root certificate authentication.
When an MD5 fingerprint is adopted, the string argument must contain 32
hexadecimal characters. When an SHA1 fingerprint is adopted, the string
argument must contain 40 hexadecimal characters.
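The length rule above can be checked before a fingerprint is entered on the switch, and the same routine can compare a received root certificate against the fingerprint obtained out of band. This Python code is an added example, not part of the 3Com guide; it assumes the fingerprint is the hash of the certificate's DER encoding, and the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import re

# Hex lengths the guide requires for the fingerprint string argument.
HEX_LEN = {"md5": 32, "sha1": 40}


def normalize_fingerprint(algorithm: str, text: str) -> str:
    """Return the fingerprint as lowercase hex, or raise ValueError."""
    algorithm = algorithm.lower()
    if algorithm not in HEX_LEN:
        raise ValueError(f"unsupported algorithm: {algorithm!r}")
    # Tools often print fingerprints as AA:BB:... or in spaced groups.
    hex_only = re.sub(r"[:\s-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", hex_only):
        raise ValueError("fingerprint contains non-hexadecimal characters")
    if len(hex_only) != HEX_LEN[algorithm]:
        raise ValueError(
            f"{algorithm} fingerprint needs {HEX_LEN[algorithm]} hex "
            f"characters, got {len(hex_only)}"
        )
    return hex_only


def certificate_fingerprint(algorithm: str, der_bytes: bytes) -> str:
    """Hash the DER encoding of a certificate (assumed fingerprint input)."""
    return hashlib.new(algorithm.lower(), der_bytes).hexdigest()


def matches_trusted(algorithm: str, der_bytes: bytes, trusted: str) -> bool:
    """Compare a received CA certificate with the out-of-band fingerprint."""
    expected = normalize_fingerprint(algorithm, trusted)
    actual = certificate_fingerprint(algorithm, der_bytes)
    return hmac.compare_digest(actual, expected)


# Constructed sample: placeholder bytes standing in for a DER root certificate.
SAMPLE_DER = b"constructed-sample-root-ca-der"

if __name__ == "__main__":
    trusted = certificate_fingerprint("sha1", SAMPLE_DER).upper()
    grouped = ":".join(trusted[i:i + 2] for i in range(0, 40, 2))
    print(matches_trusted("sha1", SAMPLE_DER, grouped))         # same cert
    print(matches_trusted("sha1", SAMPLE_DER + b"x", grouped))  # swapped cert
```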
Configuring Entity Name Space
Name space overview
The entity name space should be taken into account when setting up PKI. In a
certificate, the public key and the owner name must be consistent. Each CA
describes an entity with the information it considers important. A unique
identifier (also called a DN, or distinguished name) can be used to identify an
entity. It consists of several parts, such as user common name, organization,
country and owner name. It must be unique within the network.
The entity DN configuration in PKI entity view comprises the configuration of:
■ PKI entity name
■ Entity FQDN
■ Country code
■ State name
■ Geographic locality
■ Organization name
■ Organization unit name
■ Common name of the entity
■ IP address of the entity
Note: Entity configuration information must comply with the CA certificate issue
policy, which determines the DN configuration tasks, for example, which
parameters are mandatory and which are optional. Otherwise, the certificate
request may be rejected.
Specifying a PKI entity name
In PKI entity view, you can configure the attributes of entity DN.
Perform the following configuration in system view.
By default, no entity name is given.
Table 191 Configure the fingerprint for root certificate authentication
Operation                                                              Command
Cancel the configured fingerprint for root certificate authentication  undo root-certificate fingerprint

Table 192 Specify an entity name
Operation                                                              Command
Specify an entity name and enter the entity view                       pki entity name-str
Delete the entity name and related parameters                          undo pki entity name-str