1-5To do… Use the command… RemarksConfigure the common name forthe entity common-name nameOptionalNo common name is specified bydefault.Configure the country code for theentity country country-code-strOptionalNo country code is specified bydefault.Configure the FQDN for the entity fqdn name-str OptionalNo FQDN is specified by default.Configure the IP address for theentity ip ip-addressOptionalNo IP address is specified bydefault.Configure the locality of the entity locality locality-name OptionalNo locality is specified by default.Configure the organization namefor the entity organization org-nameOptionalNo organization is specified bydefault.Configure the unit name for theentity organization-unit org-unit-name OptionalNo unit is specified by default.Configure the state or province forthe entity state state-nameOptionalNo state or province is specified bydefault.z Currently, up to two entities can be created on a device.z The Windows 2000 CA server has some restrictions on the data length of a certificate request. Ifthe entity DN in a certificate request goes beyond a certain limit, the server will not respond to thecertificate request.Configuring a PKI DomainBefore requesting a PKI certificate, an entity needs to be configured with some enrollment information,which is referred to as a PKI domain. A PKI domain is intended only for convenience of reference byother applications like IKE and SSL, and has only local significance.A PKI domain is defined by these parameters:z Trusted CAAn entity requests a certificate from a trusted CA.z EntityA certificate applicant uses an entity to provide its identity information to a CA.z RAGenerally, an independent RA is in charge of certificate request management. It receives theregistration request from an entity, checks its qualification, and determines whether to ask the CA tosign a digital certificate. The RA only checks the application qualification of an entity; it does not issue