129• Distinguished name (DN) of the entity, which further includes the common name, county code,locality, organization, unit in the organization, and state. If you configure the DN for an entity, acommon name is required.• FQDN of the entity.• IP address of the entity.Whether the categories are required or optional depends on the CA policy. Follow the CA policy toconfigure the entity settings. For example, if the CA policy requires the entity DN, but you configure onlythe IP address, the CA rejects the certificate request from the entity.The SCEP add-on on the Windows 2000 CA server has restrictions on the data length of a certificaterequest. If a request for a PKI entity exceeds the data length limit, the CA server does not respond to thecertificate request. In this case, you can use an out-of-band means to submit the request and the CAserver can issue a certificate. Other types of CA servers, such as RSA servers and OpenCA servers, donot have such restrictions.To configure a PKI entity:Step Command Remarks1. Enter system view. system-view N/A2. Create a PKI entity and enterits view. pki entity entity-nameBy default, no PKI entities exist.To create multiple PKI entities, repeatthis step.3. Set a common name for theentity.common-namecommon-name-sting By default, the common name is not set.4. Set the country code of theentity. country country-code-string By default, the country code is not set.5. Set the locality of the entity. locality locality-name By default, the locality is not set.6. Set the organization of theentity. organization org-name By default, the organization is not set.7. Set the unit of the entity inthe organization. organization-unit org-unit-name By default, the unit is not set.8. Set the state where the entityresides. state state-name By default, the state is not set.9. Set the FQDN of the entity. fqdn fqdn-name-string By default, the FQDN is not set.10. Configure the IP address ofthe entity.ip { ip-address | interfaceinterface-typeinterface-number }By default, the IP address is notconfigured.Configuring a PKI domainA PKI domain contains enrollment information for a PKI entity. It is locally significant and is intended onlyfor reference by other applications like SSL.The fingerprint of a CA root certificate is the hash value of the root certificate content. Each CA rootcertificate has a unique hash value. You can specify the fingerprint used for verifying the root certificatein the PKI domain.