Configuring an entity DN
A certificate is the binding of a public key and the identity information of an entity, where the identity information is identified by an entity distinguished name (DN). A CA identifies a certificate applicant uniquely by entity DN.
An entity DN is defined by these parameters:
Common name of the entity.
Country code of the entity, a standard 2-character code. For example, CN represents China and US represents the United States.
FQDN of the entity, a unique identifier of an entity on the network. It consists of a host name and a domain name and can be resolved to an IP address. For example, www.whatever.com is an FQDN, where www is a host name and whatever.com a domain name.
IP address of the entity.
Locality where the entity resides.
Organization to which the entity belongs.
Unit of the entity in the organization.
State where the entity resides.
The configuration of an entity DN must comply with the CA certificate issue policy. You need to determine, for example, which entity DN parameters are mandatory and which are optional. Otherwise, certificate requests might be rejected.
To configure an entity DN:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Create an entity and enter its view. | pki entity entity-name | No entity exists by default. You can create up to two entities on a device. |
3. Configure the common name for the entity. | common-name name | Optional. No common name is specified by default. |
4. Configure the country code for the entity. | country country-code-str | Optional. No country code is specified by default. |
5. Configure the FQDN for the entity. | fqdn name-str | Optional. No FQDN is specified by default. |
6. Configure the IP address for the entity. | ip ip-address | Optional. No IP address is specified by default. |
7. Configure the locality for the entity. | locality locality-name | Optional. No locality is specified by default. |
8. Configure the organization name for the entity. | organization org-name | Optional. No organization is specified by default. |
9. Configure the unit name for the entity. | organization-unit org-unit-name | Optional. No unit is specified by default. |
10. Configure the state or province for the entity. | state state-name | Optional. No state or province is specified by default. |
![[NOTE: ]](images/note.png) | NOTE: The Windows 2000 CA server has some restrictions on the data length of a certificate request. If the entity DN in a certificate request goes beyond a certain limit, the server will not respond to the certificate request. | |