Updated on 2022-04-02 GMT+08:00

Configuring Request Verification

Procedure

  1. Choose System > About > Certificate Authority Service from the main menu.
  2. Choose Protocol Configuration > CMP from the navigation tree on the left.
  3. On the Requestor Configuration tab page, click Add. On the Add Requestor Configuration page, set required parameters.

    For detailed parameter descriptions, see Table 1.
    Table 1 Request verification parameters

    Parameter: Label
    Description: Name of a request verification certificate.
    Value: The value can contain only digits, letters, underscores (_), and hyphens (-), but cannot be null or all (case-insensitive).

    Parameter: Authentication mode > Certificate > Certificate configuration mode
    Description:
    • Upload vendor root CA certificate: Uses the vendor root CA certificate to verify the validity of the signature certificate and certificate chain in the CMP packet. In this mode, you need to upload the vendor certificate and select the associated CA. Obtain the vendor root CA certificate by referring to the method provided by the supplier.
    • New self-signed certificate: If the identity certificate and private key are not available, you can use this method to generate a self-signed certificate using the Certificate Authority Service. Once downloaded, this certificate can be used to sign the CMP request packet. The Certificate Authority Service uses the certificate to verify the validity of the request. In this mode, you need to select the root CA certificate profile, signature algorithm, and associated CA.
    • Upload obtained identity certificate: If an identity certificate is obtained and the private key of this certificate is used to sign the CMP request packet, you can use this method to upload the identity certificate to the CA server to verify the validity of the request. In this mode, you need to upload the identity certificate and select the associated CA.
    Value:
    • The vendor root certificate to be uploaded must be in .cer, .crt, .p7b, or .pem format. Only one file can be uploaded and the file size cannot exceed 100 KB. The certificate file name is a string of 1 to 256 characters containing Chinese characters, digits, letters, underscores (_), hyphens (-), spaces, dots (.), and round brackets. It cannot start with a dot (.) or space.
    • The obtained identity certificate to be uploaded must be in .cer or .crt format. Only one file can be uploaded and the file size cannot exceed 10 KB. The certificate file name is a string of 1 to 256 characters containing Chinese characters, digits, letters, underscores (_), hyphens (-), spaces, dots (.), and round brackets. It cannot start with a dot (.) or space.
    • One request verification can be associated with a maximum of 32 CAs.

    Parameter: Authentication mode > Pre-shared key > Pre-shared key
    Description: When a user uses a pre-shared key to protect CMP request messages, the same pre-shared key must be configured on the CA. The CA uses the pre-shared key to authenticate request messages and protect response messages.
    Value: The password must be a string of 8 to 128 characters that contains at least three of the following types: digits, uppercase letters, lowercase letters, and special characters. In addition, the password cannot contain the same character three or more times consecutively.

    Parameter: Associated CA
    Description: Select an associated CA and configure the request verification to verify the validity of the certificate request of the CA.
    Value: One request verification can be associated with a maximum of 32 CAs.

  4. Click Submit.

Related Tasks

  • Viewing request verification information

    Choose Protocol Configuration > CMP. On the Requestor Configuration tab page, click a request verification name. On the page that is displayed, you can view the detailed information.

  • Searching for request verification information

    Choose Protocol Configuration > CMP. On the Requestor Configuration tab page, enter a request verification name in the name search box and click to find the specified request verification and view the details. The Certificate Authority Service supports fuzzy search by request verification name.

  • Modifying request verification

    Choose Protocol Configuration > CMP. On the Requestor Configuration tab page, click Modify corresponding to the desired request verification. On the page that is displayed, modify request verification information.

    The request verification name cannot be changed.

  • Deleting request verification

    Choose Protocol Configuration > CMP. On the Requestor Configuration tab page, click Delete corresponding to the desired request verification.

  • Downloading a request verification certificate

    Choose Protocol Configuration > CMP. On the Requestor Configuration tab page, click Download corresponding to the desired request verification to download the request verification certificate.

    • The password is a string of 8 to 32 characters containing at least three of the following: digits, uppercase letters, lowercase letters, and special characters. In addition, the password cannot contain two or more of the same characters consecutively.
    • The downloaded request verification certificate is in .p12 format. The password is contained in the .p12 file. Enter the password for verification when using a certificate file in .p12 format.
    • You can download the request verification certificate only when the signature type is self-signed.
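
The value rules in Table 1 and the password rule listed under "Downloading a request verification certificate" can be checked before anything is entered in the console. The following is an added example, not code from the Certificate Authority Service; the function names are hypothetical, and it assumes 1 KB = 1024 bytes, that "Chinese characters" means U+4E00 to U+9FFF, and that a special character is any non-alphanumeric character.

```python
import re

# Upload limits from the page. Assumption: 1 KB = 1024 bytes.
UPLOAD_RULES = {
    "vendor_root": ({".cer", ".crt", ".p7b", ".pem"}, 100 * 1024),
    "identity": ({".cer", ".crt"}, 10 * 1024),
}
# Assumption: "Chinese characters" = U+4E00..U+9FFF, round brackets are ASCII.
FILENAME_RE = re.compile(r"[0-9A-Za-z_\-. ()\u4e00-\u9fff]{1,256}")
LABEL_RE = re.compile(r"[0-9A-Za-z_-]+")


def check_label(label):
    """Digits, letters, '_' and '-' only; not 'null' or 'all' in any case."""
    return bool(LABEL_RE.fullmatch(label)) and label.lower() not in {"null", "all"}


def check_secret(secret, max_len, max_run):
    """8..max_len chars, >= 3 character classes, no run longer than max_run."""
    if not 8 <= len(secret) <= max_len:
        return False
    classes = [
        any(c.isdigit() for c in secret),
        any(c.isupper() for c in secret),
        any(c.islower() for c in secret),
        # Assumption: "special" means any non-alphanumeric character.
        any(not c.isalnum() for c in secret),
    ]
    # The pattern below matches max_run + 1 identical characters in a row.
    too_long_run = re.search(r"(.)\1{%d}" % max_run, secret, re.S)
    return sum(classes) >= 3 and too_long_run is None


def check_psk(psk):
    """Pre-shared key: 8 to 128 chars, three identical in a row rejected."""
    return check_secret(psk, max_len=128, max_run=2)


def check_download_password(password):
    """Download password: 8 to 32 chars, two identical in a row rejected."""
    return check_secret(password, max_len=32, max_run=1)


def check_upload(filename, size_bytes, kind):
    """File name, extension and size rules for an uploaded certificate."""
    exts, max_size = UPLOAD_RULES[kind]
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    return (bool(FILENAME_RE.fullmatch(filename)) and filename[0] not in ". "
            and ext in exts and size_bytes <= max_size)
```

The two password rules differ in both length and repeat limit, so a value accepted as a pre-shared key can still be rejected as a download password.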