3Com 2928 User Guide - Page 424
Requesting a Certificate Automatically, Remarks, Table 1-2
UPC - 662705557113
View all 3Com 2928 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 424 highlights
Task Requesting a Local Certificate Remarks Required When requesting a certificate, an entity introduces itself to the CA by providing its identity information and public key, which will be the major components of the certificate. A certificate request can be submitted to a CA in two ways: online and offline. z In online mode, if the request is granted, the local certificate will be retrieved to the local system automatically. z In offline mode, you need to retrieve the local certificate by an out-of-band means. Destroying the RSA Key Pair Retrieving a Certificate Retrieving and Displaying a CRL If there is already a local certificate, you cannot perform the local certificate retrieval operation. This is to avoid possible mismatch between the local certificate and registration information resulting from relevant changes. To retrieve a new local certificate, you need to remove the CA certificate and local certificate first. Optional Destroy the existing RSA key pair and the corresponding local certificate. If the certificate to be retrieved contains an RSA key pair, you need to destroy the existing key pair. Otherwise, the retrieving operation will fail. Optional Retrieve an existing certificate. Optional Retrieve a CRL and display its contents. Requesting a Certificate Automatically Perform the tasks in Table 1-2 to configure the PKI system to request a certificate automatically. Table 1-2 Configuration task list for requesting a certificate automatically Task Remarks Creating a PKI Entity Required Create a PKI entity and configure the identity information. A certificate is the binding of a public key and an entity, where an entity is the collection of the identity information of a user. A CA identifies a certificate applicant by entity. The identity settings of an entity must be compliant to the CA certificate issue policy. Otherwise, the certificate request may be rejected. Creating a PKI Domain Required Create a PKI domain, setting the certificate request mode to Auto. Before requesting a PKI certificate, an entity needs to be configured with some enrollment information, which is referred to as a PKI domain. A PKI domain is intended only for convenience of reference by other applications like SSL, and has only local significance. Destroying the RSA Key Pair Optional Destroy the existing RSA key pair and the corresponding local certificate. If the certificate to be retrieved contains an RSA key pair, you need to destroy the existing key pair. Otherwise, the retrieving operation will fail. 1-5