Configuring a PKI entity
A certificate applicant uses an entity to provide its identity information to a CA. A valid PKI entity must include one or more of the following identity categories:
- Distinguished name (DN) of the entity, which further includes the common name, country code, locality, organization, unit in the organization, and state. If you configure the DN for an entity, a common name is required.
- FQDN of the entity.
- IP address of the entity.
Whether the categories are required or optional depends on the CA policy. Follow the CA policy to configure the entity settings. For example, if the CA policy requires the entity DN, but you configure only the IP address, the CA rejects the certificate request from the entity.
The SCEP add-on on the Windows 2000 CA server has restrictions on the data length of a certificate request. If a request from a PKI entity exceeds the data length limit, the CA server does not respond to the certificate request. In this case, you can use an out-of-band means to submit the request. Other types of CA servers, such as RSA servers and OpenCA servers, do not have such restrictions.
To configure a PKI entity:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a PKI entity and enter its view. | pki entity entity-name | By default, no PKI entities exist. To create multiple PKI entities, repeat this step. |
3. Set a common name for the entity. | common-name common-name-string | By default, the common name is not set. |
4. Set the country code of the entity. | country country-code-string | By default, the country code is not set. |
5. Set the locality of the entity. | locality locality-name | By default, the locality is not set. |
6. Set the organization of the entity. | organization org-name | By default, the organization is not set. |
7. Set the unit of the entity in the organization. | organization-unit org-unit-name | By default, the unit is not set. |
8. Set the state where the entity resides. | state state-name | By default, the state is not set. |
9. Set the FQDN of the entity. | fqdn fqdn-name-string | By default, the FQDN is not set. |
10. Configure the IP address of the entity. | ip { ip-address \| interface interface-type interface-number } | By default, the IP address is not configured. |
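
The identity-category rules above can be checked before a request is submitted. The following Python script is an added example, not part of the original documentation or any vendor tooling: it parses pasted `pki entity` command lines and reports an entity with no identity category, a DN without a common name, or a category the CA policy requires but the entity lacks. The entity names, values, and the `ca_required` policy tuple are constructed assumptions.

```python
# Added example: identity-category rules from this page as a pre-flight check.
DN_KEYS = {"common-name", "country", "locality", "organization", "organization-unit", "state"}
ALL_KEYS = DN_KEYS | {"fqdn", "ip"}


def parse_entities(config_text):
    """Return {entity_name: {command: value}} from pasted entity command lines."""
    entities, current = {}, None
    for raw in config_text.splitlines():
        keyword, _, value = raw.strip().partition(" ")
        if keyword == "pki" and value.startswith("entity "):
            current = entities.setdefault(value.split(None, 1)[1], {})
        elif keyword == "quit":  # left the entity view
            current = None
        elif current is not None and keyword in ALL_KEYS and value.strip():
            current[keyword] = value.strip()
    return entities


def check_entity(settings, ca_required=()):
    """List problems. ca_required is an assumed CA policy: any of 'dn', 'fqdn', 'ip'."""
    present = {"dn"} if settings.keys() & DN_KEYS else set()
    present |= settings.keys() & {"fqdn", "ip"}
    problems = []
    if not present:
        problems.append("no identity category configured (need DN, FQDN or IP)")
    if "dn" in present and "common-name" not in settings:
        problems.append("DN configured without a common name")
    for category in ca_required:
        if category not in present:
            problems.append(f"CA policy requires {category} but it is not configured")
    return problems


# Constructed sample input; entity names and values are placeholders.
SAMPLE = """\
pki entity edge-ok
 common-name edge-ok.example.test
 fqdn edge-ok.example.test
quit
pki entity edge-iponly
 ip 192.0.2.10
quit
pki entity edge-nocn
 organization Example Org
"""

if __name__ == "__main__":
    for name, settings in parse_entities(SAMPLE).items():
        print(name, check_entity(settings, ca_required=("dn",)) or "ok")
```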