Task | Remarks
Requesting a local certificate | Required
| When requesting a certificate, an entity introduces itself to the CA by providing its identity information and public key, which will be the major components of the certificate.
| A certificate request can be submitted to a CA in two ways: online and offline.
| ∙ In online mode, if the request is granted, the local certificate will be retrieved to the local system automatically.
| ∙ In offline mode, you need to retrieve the local certificate by an
| IMPORTANT:
| If a local certificate already exists, you cannot perform the local certificate retrieval operation. This is to avoid possible mismatch between the local certificate and registration information resulting from relevant changes. To retrieve a new local certificate, you need to remove the CA certificate and local certificate first.
Destroying the RSA key pair | Optional
| Destroy the existing RSA key pair and the corresponding local certificate.
| If the certificate to be retrieved contains an RSA key pair, you need to destroy the existing key pair. Otherwise, the retrieving operation will fail.
Retrieving a certificate | Optional
| Retrieve an existing certificate.
Retrieving and displaying a CRL | Optional
| Retrieve a CRL and display its contents.
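The request contents and the mismatch warning above can be checked off the device before a certificate is imported. The following is an added example, not part of the original guide or the device's software: it assumes the OpenSSL command-line tool on a workstation and PEM files, and the file names, subject, and stand-in CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed names and subject; runs offline with the openssl CLI.

# Create an RSA key pair and a certificate request carrying the entity identity.
make_request() {  # $1 = key file, $2 = request file, $3 = subject
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl req -new -key "$1" -subj "$3" -out "$2" 2>/dev/null
}

# Print the identity information (subject) contained in a request.
request_subject() {
    openssl req -in "$1" -noout -subject
}

# Succeed only if the certificate carries the same public key as the request.
cert_matches_request() {  # $1 = certificate, $2 = request
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    req_pub=$(openssl req -in "$2" -noout -pubkey) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$req_pub" ]
}

# Stand-in CA (constructed) that issues a certificate for a request.
issue_cert() {  # $1 = work dir, $2 = request, $3 = output certificate
    [ -f "$1/ca.pem" ] || openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/ca.key" -subj "/CN=Constructed Test CA" -days 1 \
        -out "$1/ca.pem" 2>/dev/null
    openssl x509 -req -in "$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$3" 2>/dev/null
}

work=$(mktemp -d)
subject="/C=US/O=Example Org/CN=switch1.example.test"   # constructed identity

make_request "$work/old.key" "$work/old.csr" "$subject"
issue_cert "$work" "$work/old.csr" "$work/local.pem"

# The key pair is regenerated after the request was submitted: same identity,
# different public key, so the issued certificate no longer fits.
make_request "$work/new.key" "$work/new.csr" "$subject"

request_subject "$work/old.csr"
cert_matches_request "$work/local.pem" "$work/old.csr" && echo "old request: match"
cert_matches_request "$work/local.pem" "$work/new.csr" || echo "new request: MISMATCH"
```

The comparison uses only the request and the issued certificate, so it works when the private key never leaves the device.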
Requesting a Certificate Automatically
Perform the tasks in 1 to configure the PKI system to request a certificate automatically.
1. Configuration task list for requesting a certificate automatically
Task | Remarks
Creating a PKI entity | Required
| Create a PKI entity and configure the identity information.
| A certificate is the binding of a public key and an entity, where an entity is the collection of the identity information of a user. A CA identifies a certificate applicant by entity.
| The identity settings of an entity must comply with the CA certificate issue policy. Otherwise, the certificate request may be rejected.
Creating a PKI domain | Required
| Create a PKI domain, setting the certificate request mode to Auto.
| Before requesting a PKI certificate, an entity needs to be configured with some enrollment information, which is referred to as a PKI domain.
| A PKI domain is intended only for convenience of reference by other applications like SSL, and has only local significance.