3com 2928 Guida Utente
1-5
Task
Remarks
Required
When requesting a certificate, an entity introduces itself to the CA by providing
When requesting a certificate, an entity introduces itself to the CA by providing
its identity information and public key, which will be the major components of
the certificate.
A certificate request can be submitted to a CA in two ways: online and offline.
A certificate request can be submitted to a CA in two ways: online and offline.
z
In online mode, if the request is granted, the local certificate will be
retrieved to the local system automatically.
z
In offline mode, you need to retrieve the local certificate by an out-of-band
means.
If there is already a local certificate, you cannot perform the local certificate
retrieval operation. This is to avoid possible mismatch between the local
certificate and registration information resulting from relevant changes. To
retrieve a new local certificate, you need to remove the CA certificate and local
certificate first.
retrieval operation. This is to avoid possible mismatch between the local
certificate and registration information resulting from relevant changes. To
retrieve a new local certificate, you need to remove the CA certificate and local
certificate first.
Optional
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you need to destroy
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you need to destroy
the existing key pair. Otherwise, the retrieving operation will fail.
Optional
Retrieve an existing certificate.
Retrieve an existing certificate.
Optional
Retrieve a CRL and display its contents.
Retrieve a CRL and display its contents.
Requesting a Certificate Automatically
Perform the tasks in
to configure the PKI system to request a certificate automatically.
Table 1-2
Configuration task list for requesting a certificate automatically
Task
Remarks
Required
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and an entity, where an entity is the
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and an entity, where an entity is the
collection of the identity information of a user. A CA identifies a certificate
applicant by entity.
The identity settings of an entity must be compliant to the CA certificate issue
The identity settings of an entity must be compliant to the CA certificate issue
policy. Otherwise, the certificate request may be rejected.
Required
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity needs to be configured with some
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity needs to be configured with some
enrollment information, which is referred to as a PKI domain.
A PKI domain is intended only for convenience of reference by other
A PKI domain is intended only for convenience of reference by other
applications like SSL, and has only local significance.
Optional
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you need to destroy
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you need to destroy
the existing key pair. Otherwise, the retrieving operation will fail.