PKI domain tasks at a glance

To configure a PKI domain, perform the following tasks:

1. Creating a PKI domain

2. Specifying the trusted CA

3. Specifying the PKI entity name

4. Specifying the certificate request reception authority

5. Specifying the certificate request URL

6. (Optional.) Setting the SCEP polling interval and maximum polling attempts

7. Specifying the LDAP server

   This task is required when either of the following conditions is met:

   • The device must obtain certificates from the CA by using the LDAP protocol.

   • An LDAP URL which does not contain the host name of the LDAP server is specified as the CRL repository URL.

8. Specifying the fingerprint for root CA certificate verification

   This step is required if the auto certificate request mode is configured in the PKI domain.

   If the manual certificate request mode is configured, you can skip this step and manually verify the fingerprint displayed during verification of the root CA certificate.

9. Specifying the key pair for certificate request

10. (Optional.) Specifying the intended purpose for the certificate

11. (Optional.) Specifying the source IP address for PKI protocol packets