Creating a pki entity – H3C Technologies H3C SecPath F1000-E User Manual

Page 292

Advertising
background image

280

Task Remarks

Destroying the RSA
key pair

Optional
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you need to destroy the

existing RSA key pair. Otherwise, the retrieving operation will fail.

Retrieving and
displaying a
certificate

Optional
Retrieve an existing certificate and display its information.

IMPORTANT:

Before retrieving a local certificate in online mode, be sure to complete LDAP server

configuration.

If a PKI domain already has a CA certificate, you cannot retrieve another CA

certificate for it. This is in order to avoid inconsistency between the certificate and

registration information due to related configuration changes. To retrieve a new CA
certificate, use the pki delete-certificate command to delete the existing CA

certificate and local certificate first.

Retrieving and
displaying a CRL

Optional
Retrieve a CRL and display its contents.

Creating a PKI entity

1.

From the navigation tree, select VPN > Certificate Management > Entity.

Figure 171 PKI entity list

2.

Click Add.

Advertising