Configuration procedure
To configure a PKI domain:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a PKI domain and enter its view. | pki domain domain-name | No PKI domain exists by default. |
3. Specify the trusted CA. | ca identifier name | No trusted CA is specified by default. |
4. Specify the entity for certificate request. | certificate request entity entity-name | No entity is specified by default. The specified entity must exist. |
5. Specify the authority for certificate request. | certificate request from { ca \| ra } | No authority is specified by default. |
6. Configure the certificate request URL. | certificate request url url-string | No certificate request URL is configured by default. |
7. Configure the polling interval and attempt limit for querying the certificate request status. | certificate request polling { count count \| interval minutes } | Optional. By default, polling is performed up to 50 times at 20-minute intervals. |
8. Specify the LDAP server. | ldap-server ip ip-address [ port port-number ] [ version version-number ] | Optional. No LDAP server is specified by default. |
9. Configure the fingerprint for root certificate verification. | root-certificate fingerprint { md5 \| sha1 } string | Required when the certificate request mode is auto and optional when the certificate request mode is manual. In the latter case, if you do not configure this command, the fingerprint of the root certificate must be verified manually. No fingerprint is configured by default. |
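
The value for step 9, or the manual check that replaces it, can be derived from a copy of the CA root certificate and compared with the fingerprint the CA publishes. The script below is an added example, not part of the original procedure; it assumes a PEM-encoded certificate and that the fingerprint string is entered as plain hexadecimal digits, and its sample "certificate" is constructed bytes rather than a real one.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: PEM armor around arbitrary bytes, NOT a real certificate.
# A fingerprint is a hash of the DER bytes, so the arithmetic is the same.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQtcm9vdC1jZXJ0LWJ5dGVzLWZvci1kZW1v
-----END CERTIFICATE-----
"""

HEX_LEN = {"md5": 32, "sha1": 40}  # hex digits per algorithm


def pem_to_der(pem: str) -> bytes:
    """Extract the first CERTIFICATE block and base64-decode it to DER."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprint(der: bytes, alg: str) -> str:
    """Lowercase hex digest of the DER encoding, using md5 or sha1."""
    if alg not in HEX_LEN:
        raise ValueError("algorithm must be md5 or sha1")
    return hashlib.new(alg, der).hexdigest()


def normalize(value: str, alg: str) -> str:
    """Strip ':' and whitespace separators, lowercase, and check the length."""
    hexstr = re.sub(r"[\s:]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[alg], hexstr):
        raise ValueError("not a valid %s fingerprint" % alg)
    return hexstr


def matches(pem: str, alg: str, published: str) -> bool:
    """Compare the computed fingerprint with the one the CA published."""
    return hmac.compare_digest(fingerprint(pem_to_der(pem), alg),
                               normalize(published, alg))


if __name__ == "__main__":
    print("root-certificate fingerprint sha1",
          fingerprint(pem_to_der(SAMPLE_PEM), "sha1"))
```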