< Home

Configuring a PKI Entity

Context

Local certificates are signed and issued by the CA. A local certificate is a bundle of public key and PKI entity. PKI entity information contains the identity information of the entity. The CA identifies a certificate applicant based on identity information provided by the entity. Therefore, the PKI entity must send the certificate enrollment request carrying PKI entity information to the CA when applying for a local certificate.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run pki entity entity-name

    A PKI entity is created and the PKI entity view is displayed; or the PKI entity view is displayed directly.

    By default, no PKI entity is configured.

    Windows Server 2003 has a low processing performance. When the device is connected to a Windows Server 2003, the device cannot have too many entities configure or use the key pair with a large size. Otherwise, the device may fail to connect to the server.

  3. Run common-name common-name

    A common name is configured for the PKI entity.

    By default, no common name is configured for a PKI entity.

    To uniquely identify an applicant, you can run the following optional commands to configure the alias name for the PKI entity. If you do not configure alias names for the PKI entities that have the same common name, each of them will fail to apply for a certificate.

  4. (Optional) Run ip-address { ipv4-address | interface-type interface-number }

    An IP address is configured for the PKI entity.

    By default, a PKI entity does not have an IP address.

  5. (Optional) Run fqdn fqdn-name

    A fully qualified domain name (FQDN) is configured for the PKI entity.

    By default, no FQDN is configured for a PKI entity.

  6. (Optional) Run email email-address

    An email address is configured for the PKI entity.

    By default, no email address is configured for a PKI entity.

  7. (Optional) Run country country-code

    A country code is configured for the PKI entity.

    By default, no country code is configured for a PKI entity.

  8. (Optional) Run locality locality-name

    A geographic area is configured for the PKI entity.

    By default, no geographic area is configured for a PKI entity.

  9. (Optional) Run state state-name

    A state name or province name is configured for the PKI entity.

    By default, no state name or province name is configured for a PKI entity.

  10. (Optional) Run organization organization-name

    An organization name is configured for the PKI entity.

    By default, no organization name is configured for a PKI entity.

  11. (Optional) Run organization-unit organization-unit-name

    A department name is configured for the PKI entity.

    By default, no department name is configured for a PKI entity.

Parent Topic: Preconfiguring a Local Certificate
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >