Step |
| Remarks | |
|
| Optional. | |
6. | Destroy the existing RSA key pair and the corresponding local certificate. | ||
If the certificate to be retrieved contains an RSA key pair, you must destroy | |||
|
| ||
|
| the existing key pair. Otherwise, the retrieving operation will fail. | |
|
|
| |
7. | Optional. | ||
| Retrieve an existing certificate. | ||
|
| ||
|
|
| |
8. | Optional. | ||
| Retrieve a CRL and display its contents. | ||
|
|
|
Recommended configuration procedure for automatic request
Task |
| Remarks | |
|
| Required. | |
|
| Create a PKI entity and configure the identity information. | |
|
| A certificate is the binding of a public key and the identity information of an | |
1. | entity, where the DN shows the identity information of the entity. A CA | ||
|
| identifies a certificate applicant uniquely by an entity DN. | |
|
| The DN settings of an entity must be compliant to the CA certificate issue | |
|
| policy. Otherwise, the certificate request might be rejected. You must know | |
|
| the policy to determine which entity parameters are mandatory or optional. | |
|
|
| |
|
| Required. | |
|
| Create a PKI domain, setting the certificate request mode to Auto. | |
2. | Before requesting a PKI certificate, an entity needs to be configured with | ||
|
| some enrollment information, which is called a PKI domain. | |
|
| A PKI domain is intended only for convenience of reference by other | |
|
| applications like IKE and SSL, and has only local significance. | |
|
|
| |
|
| Optional. | |
3. | Destroy the existing RSA key pair and the corresponding local certificate. | ||
If the certificate to be retrieved contains an RSA key pair, you must destroy | |||
|
| ||
|
| the existing key pair. Otherwise, the retrieving operation will fail. | |
|
| ||
Optional. | |||
| Retrieve an existing certificate. | ||
|
| ||
|
| ||
Optional. | |||
| Retrieve a CRL and display its contents. | ||
|
|
|
1.From the navigation tree, select Authentication > Certificate Management. The PKI entity list page is displayed by default.
388