k.Request a local certificate

Select torsa as the PKI domain.

Select Password and then type challenge-word as the password.

Click Apply.

# Retrieve the CRL.

After retrieving a local certificate, select the CRL tab.

Click Retrieve CRL of the PKI domain of torsa, as shown in l. l. Retrieve the CRL

Configuration guidelines

When you configure PKI, note the following guidelines:

Make sure the clocks of entities and the CA are synchronous. Otherwise, the validity period of certificates will be abnormal.

The Windows 2000 CA server has some restrictions on the data length of a certificate request. If the PKI entity identity information in a certificate request goes beyond a certain limit, the server will not respond to the certificate request.

The SCEP plug-in is required when you use the Windows Server as the CA. In this case, you need to specify RA as the authority for certificate request when configuring the PKI domain.

The SCEP plug-in is not required when you use the RSA Keon software as the CA. In this case, you need to specify CA as the authority for certificate request when configuring the PKI domain.

402