1.Configuration task list for requesting a certificate manually
Task | Remarks | |
| Required | |
| Create a PKI entity and configure the identity information. | |
| A certificate is the binding of a public key and an entity, where an entity is the | |
Creating a PKI entity | collection of the identity information of a user. A CA identifies a certificate applicant by | |
entity. | ||
| ||
| IMPORTANT: | |
| The identity settings of an entity must be compliant to the CA certificate issue policy. | |
| Otherwise, the certificate request may be rejected. | |
| Required | |
| Create a PKI domain, setting the certificate request mode to Manual. | |
Creating a PKI | Before requesting a PKI certificate, an entity needs to be configured with some | |
domain | enrollment information, which is referred to as a PKI domain. | |
| A PKI domain is intended only for convenience of reference by other applications like | |
| SSL, and has only local significance. | |
|
| |
| Required | |
| Generate a local RSA key pair. | |
| By default, no local RSA key pair exists. | |
Generating an RSA | Generating an RSA key pair is an important step in certificate request. The key pair | |
includes a public key and a private key. The private key is kept by the user, and the | ||
key pair | ||
public key is transferred to the CA along with some other information. | ||
| ||
| IMPORTANT: | |
| If a local certificate already exists, you must remove the certificate before generating a | |
| new key pair, so as to keep the consistency between the key pair and the local certificate. | |
| Required |
Certificate retrieval serves two purposes:
∙Locally store the certificates associated with the local security domain for improved query efficiency and reduced query count,
Retrieving a | ∙ Prepare for certificate verification. |
certificate | IMPORTANT: |
|
If a local CA certificate already exists, you cannot perform the CA certificate retrieval operation. This will avoid possible mismatch between certificates and registration information resulting from relevant changes. To retrieve the CA certificate, you need to remove the CA certificate and local certificate first.
386