Operation Manual – PKIH3C S3610&S5510 Series Ethernet Switches Chapter 1 PKI Configuration1-6To do… Use the command… RemarksConfigure the IP addressfor the entity ip ip-addressOptionalNo IP address is specifiedby default.Configure the locality ofthe entity locality locality-nameOptionalNo locality is specified bydefault.Configure theorganization name for theentityorganization org-nameOptionalNo organization isspecified by default.Configure the unit namefor the entityorganization-unitorg-unit-nameOptionalNo unit is specified bydefault.Configure the state orprovince for the entity state state-nameOptionalNo state or province isspecified by default.Note:z Currently, up to two entities can be created on a device.z Windows 2000 CA server has some restrictions on the data length of a certificaterequest. If the entity DN in a certificate request goes beyond a certain limit, theserver does not respond to the certificate request.1.4 Configuring a PKI DomainBefore requesting a PKI certificate, an entity needs to be configured with someenrollment information, which is referred to as a PKI domain. A PKI domain is intendedonly for convenience of reference by other applications, and has only local significance.A PKI domain is defined by these parameters:z Trusted CAAn entity requests a certificate from a trusted CA.z EntityA certificate applicant uses an entity to provide its identity information to a CA.z RAGenerally, an independent RA is in charge of certificate request management. Itreceives the registration request from an entity, checks its qualification, and determineswhether to ask the CA to sign a digital certificate. The RA only checks the applicationqualification of an entity; it does not issue any certificate. Sometimes, the registration
