< Home

Summary of PKI Configuration Tasks

Table 1 describes the PKI configuration tasks.

Table 1 PKI configuration tasks

Scenario

Description

Task

Apply for the local certificate online.

You can use SCEP or CMPv2 to apply for the local certificate online. Both SCEP and CMPv2 can be used for automatic certificate update. SCEP is easier to maintain than CMPv2, but CMPv2 can be used to apply for a local certificate for another device.
When using SCEP to apply for the local certificate, perform the operations in the following order:
  1. Preconfiguring a Local Certificate
  2. Applying for and Updating the Local Certificate for a PKI Entity Through SCEP in Applying for and Updating Local Certificate
  3. Verifying the CA and Local Certificates
When using CMPv2 to apply for the local certificate, perform the following operations in order:
  1. Preconfiguring a Local Certificate
  2. Applying for and Updating the Local Certificate Through CMPv2 in Applying for and Updating Local Certificate
  3. (Optional) Installing the Local Certificate
  4. Verifying the CA and Local Certificates

Apply for the local certificate offline.

This is the only choice used when the device is unable to access the CA server due to some reasons such as network inaccessible.

You can generate the certificate application file on the device, and transfer the file to the CA to apply for a license in out of band mode (for example, web, disk, and email). Alternatively, you can directly send the certificate application information to the CA through web.
When you generate the certificate application file on the device, perform the following operations in order:
  1. Preconfiguring a Local Certificate
  2. Applying for the Local Certificate in Offline Mode in Applying for and Updating Local Certificate
  3. (Optional) Downloading a Local Certificate
  4. (Optional) Installing the Local Certificate
  5. Verifying the CA and Local Certificates
When you send the certificate application information to the CA through web, perform the following operations in order:
  1. Send certificate application information to the CA through web.
  2. Download the CA certificate, local certificate, and key pair, and upload them to the storage media.
  3. Install the key pair. For details, see Configuring an RSA Key Pair in Preconfiguring a Local Certificate.
  4. Install the CA certificate. For details, see (Optional) Installing a CA Certificate for a PKI Entity in Preconfiguring a Local Certificate.
  5. Install the local certificate. For details, see (Optional) Installing the Local Certificate.
  6. Verify the certificates. For details, see Verifying the CA and Local Certificates.
Parent Topic: PKI Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >