PKI Configuration

Public Key Infrastructure (PKI) certificate is a digital certificate that authenticates users that attempt to set up IPsec tunnels between each other. A certificate provides a centralized key management mechanism for IPsec.

Overview of PKI: This section describes the background and basic concepts of PKI system.

Configuration Precautions for PKI

Configuring CMP-based Certificate Management: Configuring CMP-based certificate management involves creating RSA key pairs, configuring entity information, configuring CMP sessions, and obtaining certificates.

Configuring PKI Certificate: Configuring PKI certificate involves creating RSA key pairs, configuring entity information, obtaining certificates and verifying the certification validity.

Configuring Certificate Validity Check: To ensure communication security during IPsec negotiation, configure certificate validity check.

Controlling Certificate Access Based on Certificate Attributes: The access control policy based on certificate attributes is an extra measure for certificate-based authentication. Only the certificates meeting specific requirements can be authenticated. This achieves refined control on user access permissions.

Maintaining PKI: Maintaining certificates involves deleting certificates and deleting RSA key pairs.

Configuration Examples for PKI: This section provides configuration example of PKI. You can understand the configuration procedures through the configuration flowchart. Each configuration example consists of such information as the networking requirements, configuration notes, and configuration file.

Parent Topic: Security

Copyright © Huawei Technologies Co., Ltd.

Copyright © Huawei Technologies Co., Ltd.

< Previous topic Next topic >