Operation Manual – PKI
H3C S5500-EI Series Ethernet Switches
Chapter 1 PKI Configuration

| To do… | Use the command… | Remarks |
|---|---|---|
| Configure the polling interval and maximum number of attempts for querying the certificate request status | certificate request polling { count count \| interval minutes } | Optional. By default, polling is executed up to 50 times at an interval of 20 minutes. |
| Specify the LDAP server | ldap-server ip ip-address [ port port-number ] [ version version-number ] | Optional. No LDAP server is specified by default. |
| Configure the fingerprint for root certificate validation | root-certificate fingerprint { md5 \| sha1 } string | Optional. No fingerprint is configured by default. |

Note:
- Currently, up to two PKI domains can be created on a device.
- The CA name is required only when you retrieve a CA certificate. It is not used in a local certificate request.

1.5 Submitting a PKI Certificate Request

When requesting a certificate, an entity introduces itself to the CA by providing its identity information and public key, which will be the major components of the certificate that the CA may issue to the entity. A certificate request can be submitted to a CA in two ways: online and offline. In offline mode, a certificate request is submitted to a CA by an "out-of-band" means such as phone, disk, or e-mail.

Online certificate requests fall into two categories: manual mode and auto mode.

1.5.1 Submitting a Certificate Request in Auto Mode

In auto mode, an entity automatically requests a certificate through SCEP when it has no local certificate or the present certificate is about to expire.

Follow these steps to configure an entity to submit a certificate request in auto mode:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter PKI domain view | pki domain domain-name | — |