264
Configuring the switch
1. Configure the entity name as aaa and the common name as
d
evice.
<Device> system-view
[Device] pki entity aaa
[Device-pki-entity-aaa] common-name device
[Device-pki-entity-aaa] quit
2. Configure the PKI domain:
# Create PKI domain torsa and enter its view.
[Device] pki domain torsa
# Configure the name of the trusted CA as myca.
[Device-pki-domain-torsa] ca identifier myca
# Configure the URL of the registration server in the format of http://host:port/
certsrv/mscep/mscep.dll, where host:port indicates the IP address and port number of the CA
server.
[Device-pki-domain-torsa] certificate request url
http://4.4.4.1:8080/certsrv/mscep/mscep.dll
# Set the registration authority to RA.
[Device-pki-domain-torsa] certificate request from ra
# Specify the entity for certificate request as aaa.
[Device-pki-domain-torsa] certificate request entity aaa
3. Generate a local key pair using RSA:
[Device] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits in the modulus [default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++
4. Apply for certificates:
# Retrieve the CA certificate and save it locally.
[Device] pki retrieval-certificate ca domain torsa
Retrieving CA/RA certificates. Please wait a while......
The trusted CA's finger print is:
MD5 fingerprint:766C D2C8 9E46 845B 4DCE 439C 1C1F 83AB
SHA1 fingerprint:97E5 DDED AB39 3141 75FB DB5C E7F8 D7D7 7C9B 97B4
Is the finger print correct?(Y/N):y
Saving CA/RA certificates chain, please wait a moment......
CA certificates retrieval success.
# Request a local certificate manually.
To Next Page
Loading...
Need help?
General