No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Configuration Guide

AR650, AR1600, and AR6100 V300R003

This document describes how to configure and maintain your routers using the web platform.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
PKI Domain

PKI Domain

Context

Before an entity applies for a certificate, some enrollment information must be configured. The collection of the enrollment information is called the PKI domain of an entity.

Procedure

  • Creating a PKI domain
    1. Access the PKI Domain tab page.

      Log in to the web platform and choose Security > PKI > PKI Domain. As show in Figure 14-49.

      Figure 14-49   PKI Domain

    2. Click Create and set parameters in the Create PKI Domain dialog box that is displayed. Table 14-23 describes the parameters. As show in Figure 14-50.

      Figure 14-50   Create PKI Domain

      Table 14-23  PKI domain parameters

      Parameter

      Description

      PKI domain name

      Name of a PKI domain.

      PKI entity name

      Name of a created PKI entity.

      Certificate validation method

      Certificate check mode of crl, ocsp, or none.

      Certificate revocation password

      Revocation password of the certificate.

      The password must meet complexity requirements. A password should consist of at least 6 characters, and contain at least two types of the following: lowercase letters, uppercase letters, numerals, special characters (such as ! $ # %). The password cannot contain spaces and question marks.

      Confirm password

      Confirmed revocation password of the certificate.

      Automatic registration and update

      Whether to enable the automatic certificate enrollment and update function.

      Local key pair

      The name of local key pair.

      CA identifier

      ID of a CA.

      Certificate request URL

      Enrollment URL.

      The URL is in the format of http://server_location/ca_script_location. The server_location field supports only the IP address format and the ca_script_location field is the path where CA's application script is located, for example, http://10.137.145.158:8080/certsrv/mscep/mscep.dll.

      RA mode

      Whether to enable the registration authority (RA) mode.

      CA root certificate fingerprint

      CA certificate fingerprint used in CA certificate authentication. The options are as follows:
      • MD5: message digest algorithm 5
      • SHA1: secure hash algorithm 1
      • SHA2: secure hash algorithm 2

        The default value is SHA2.

      OCSP server URL

      URL of the Online Certificate Status Protocol (OCSP) server.

      CDP URL

      CRL distribution point (CDP) URL. CRL refers to certificate revocation list.

      CRL cache

      Whether to use the buffered CRL in the PKI domain.

      CRL update interval (hours)

      Interval for updating the CRL.

    3. Click OK.
  • Modifying a PKI domain
    1. Access the PKI Domain tab page.

      Log in to the web platform and choose Security > PKI > PKI Domain.

    2. Select a PKI domain in the PKI Domain Information List area, and click .
    3. In the Modify PKI Domain dialog box that is displayed, modify the parameters. The parameter PKI domain name cannot be modified. The parameters are the same as those in Figure 14-50
    4. Click OK.
  • Deleting a PKI domain
    1. Access the PKI Domain tab page.

      Log in to the web platform and choose Security > PKI > PKI Domain.

    2. Select the check box of a PKI domain and click Delete.
    3. In the dialog box that is displayed, click OK.
Download
Updated: 2019-04-12

Document ID: EDOC1100041803

Views: 36091

Downloads: 100

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next