| Item | Description |
|---|---|
| Requesting URL | Enter the URL of the RA. The entity will submit the certificate request to the server at this URL through the SCEP protocol. The SCEP protocol is intended for communication between an entity and an authentication authority. |
| | In offline mode, this item is optional. In other modes, this item is required. |
| | IMPORTANT: This item does not support domain name resolution. |
| LDAP IP, Port, Version | Enter the IP address, port number and version of the LDAP server. |
| | In a PKI system, the storage of certificates and CRLs is a crucial problem, which is usually addressed by deploying an LDAP server. |
| Request Mode | Select the online certificate request mode, which can be Auto or Manual. |
| Password | Set a password for certificate revocation and |
| Confirm Password | The two boxes are available only when the certificate request mode is set to Auto. |
| Fingerprint Hash, Fingerprint | Specify the fingerprint used for verifying the CA root certificate. |
| | After receiving the root certificate of the CA, an entity needs to verify the fingerprint of the root certificate, namely, the hash value of the root certificate content. This hash value is unique to every certificate. If the fingerprint of the root certificate does not match the one configured for the PKI domain, the entity will reject the root certificate. |
| | • If you specify MD5 as the hash algorithm, enter an MD5 fingerprint. The fingerprint must be a string of 32 characters in hexadecimal notation. |
| | • If you specify SHA1 as the hash algorithm, enter an SHA1 fingerprint. The fingerprint must be a string of 40 characters in hexadecimal notation. |
| | • If you do not specify the fingerprint hash, do not enter any fingerprint. The entity will not verify the CA root certificate, and you yourself must make sure the CA server is trusted. |
| | IMPORTANT: The fingerprint must be configured if you specify the certificate request mode as Auto. If you specify the certificate request mode as Manual, you can leave the fingerprint settings null. If you do not configure the fingerprint, the entity will not verify the CA root certificate and you yourself must make sure the CA server is trusted. |
| Polling Count, Polling Interval | Set the polling interval and attempt limit for querying the certificate request status. |
| | After an entity makes a certificate request, the CA might need a long period of time if it verifies the certificate request in manual mode. During this period, the applicant needs to query the status of the request periodically to get the certificate as soon as possible after the certificate is signed. |
| Enable CRL Checking | Select this box to specify that CRL checking is required during certificate verification. |
| CRL Update Period | Enter the CRL update period, that is, the interval at which the PKI entity downloads the latest CRLs. |
| | This item is available after you click the Enable CRL Checking box. |
| | By default, the CRL update period depends on the next update field in the CRL file. |
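The fingerprint rules in the table above, worked through as an added example (not code from this guide or from the device): it validates a configured fingerprint against the 32/40-character rule, enforces the Auto-mode requirement, and accepts or rejects a received root certificate. It assumes the "root certificate content" that is hashed is the DER encoding of the certificate; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import string

# Hex lengths the table gives for each supported fingerprint hash.
FINGERPRINT_HEX_LEN = {"MD5": 32, "SHA1": 40}

# Constructed stand-in for the DER bytes of a CA root certificate.
SAMPLE_ROOT_DER = b"constructed stand-in for DER-encoded CA root certificate"


def normalize_fingerprint(fp_hash, fingerprint):
    """Validate a configured fingerprint and return it in lowercase."""
    if fp_hash not in FINGERPRINT_HEX_LEN:
        raise ValueError(f"unsupported fingerprint hash: {fp_hash!r}")
    expected = FINGERPRINT_HEX_LEN[fp_hash]
    if len(fingerprint) != expected or any(
        c not in string.hexdigits for c in fingerprint
    ):
        raise ValueError(
            f"{fp_hash} fingerprint must be {expected} hexadecimal characters"
        )
    return fingerprint.lower()


def check_domain_config(request_mode, fp_hash=None, fingerprint=None):
    """Return True if the root certificate will be verified, False if not."""
    if fp_hash is None:
        if fingerprint:
            raise ValueError("fingerprint entered without a fingerprint hash")
        if request_mode == "Auto":
            raise ValueError("Auto request mode requires a fingerprint")
        return False  # Manual mode: CA trust must be established out of band
    normalize_fingerprint(fp_hash, fingerprint or "")
    return True


def root_cert_accepted(cert_der, fp_hash, fingerprint):
    """Hash the received root certificate and compare with the configured value."""
    configured = normalize_fingerprint(fp_hash, fingerprint)
    actual = hashlib.new(fp_hash.lower(), cert_der).hexdigest()
    return hmac.compare_digest(actual, configured)


if __name__ == "__main__":
    fp = hashlib.sha1(SAMPLE_ROOT_DER).hexdigest()
    print("matching root accepted:", root_cert_accepted(SAMPLE_ROOT_DER, "SHA1", fp))
    print("altered root accepted:", root_cert_accepted(SAMPLE_ROOT_DER + b"x", "SHA1", fp))
```

A `False` result from `check_domain_config` is the case the table flags: nothing on the device checks the root certificate, so the fingerprint has to be compared by hand against a value obtained from the CA through a separate channel.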