3Com 2928 User Guide - Page 428
Description, Enable CRL Checking, Enable CRL
UPC - 662705557113
View all 3Com 2928 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 428 highlights
Item Requesting URL Description Type the URL of the RA. The entity will submit the certificate request to the server at this URL through the SCEP protocol. The SCEP protocol is intended for communication between an entity and an authentication authority. In offline mode, this item is optional; while in other modes, this item is required. LDAP IP Port Version Request Mode Password Encrypt Password Hash Fingerprint Polling Count Polling Interval Enable CRL Checking CRL Update Period Currently, this item does not support domain name resolution. Type the IP address, port number and version of the LDAP server. In a PKI system, the storage of certificates and CRLs is a crucial problem, which is usually addressed by deploying an LDAP server. Select the online certificate request mode, which can be auto or manual. Select this check box to display the password in cipher text. This check box is available only when the certificate request mode is set to Auto. Type the password for certificate revocation. This item is available only when the certificate request mode is set to Auto. Specify the hash algorithm and fingerprint for verification of the CA root certificate. Upon receiving the root certificate of the CA, an entity needs to verify the fingerprint of the root certificate, namely, the hash value of the root certificate content. This hash value is unique to every certificate. If the fingerprint of the root certificate does not match the one configured for the PKI domain, the entity will reject the root certificate. The fingerprint of the CA root certificate is required when the certificate request mode is Auto, and can be omitted when the certificate request mode is Manual. When it is omitted, no CA root certificate verification occurs automatically and you need to verify the CA server by yourself. Set the polling interval and attempt limit for querying the certificate request status. After an entity makes a certificate request, the CA may need a long period of time if it verifies the certificate request in manual mode. During this period, the applicant needs to query the status of the request periodically to get the certificate as soon as possible after the certificate is signed. Select this box to specify that CRL checking is required during certificate verification. Type the CRL update period, that is, the interval at which the PKI entity downloads the latest CRLs. This item is available when the Enable CRL Checking check box is selected. By default, the CRL update period depends on the next update field in the CRL file. 1-9