Configuring the EK Trust Certificate
Context
If the EK certificate is preinstalled on the device, a user uses the RA client to send a challenge value request to the Certificate Authority Service using the privacy CA protocol and import the EK trust certificate chain. The request contains the public AK and EK certificate. After receiving the request, the Certificate Authority Service verifies the public AK information and uses the imported EK trust certificate chain to verify the EK certificate. If the verification is successful, the Certificate Authority Service returns the encrypted challenge value. The user then uses the RA client to send a certificate application request to the Certificate Authority Service using the privacy CA protocol. The request contains the CA name, certificate profile name, subject information, and challenge value. After receiving the request, the Certificate Authority Service checks whether the challenge value has expired and verifies the public AK information. If the verification is successful, the Certificate Authority Service issues the AK certificate.
Procedure
- Choose from the main menu.
- Choose from the navigation tree on the left.
- On the EK Trust Certificate Configuration tab page, click Add and set the parameters required for the EK trust certificate.
For detailed parameter descriptions, see Table 1.
Table 1 EK trust certificate parameters Parameter
Description
Value
Label
You can customize the name of the EK trust certificate to distinguish different certificate files.
The value must be a string of 1 to 45 characters, including digits, letters, underscores (_), and hyphens (-). The value cannot be null or all (case-insensitive).
EK trust certificate
Select the local EK trust certificate file and upload it to verify the request of certificate application through the privacy CA protocol.
- The EK trust certificate file to be uploaded must be in .cer, .crt, or .pem format. A maximum of 10 files can be uploaded at a time, and the total file size cannot exceed 100 KB.
- The certificate file name is a string of 1 to 256 characters containing Chinese characters, digits, letters, underscores (_), and hyphens (-), spaces, dots (.) and round brackets. It cannot start with a dots (.) or space.
- After the configuration is complete, click Submit. On the EK Trust Certificate Configuration tab page, you can view the configured EK trust certificate file.
Related Tasks
- Viewing an EK trust certificate
Choose . On the EK Trust Certificate Configuration tab page, click on the left of an EK trust certificate name to view its details.
- Searching for an EK trust certificate
Choose . On the EK Trust Certificate Configuration tab page, enter the name of an EK trust certificate in the search box, and click to find the specified certificate and view its details. The Certificate Authority Service supports fuzzy search by the name of the EK trust certificate.
- Deleting an EK trust certificate
Choose . On the EK Trust Certificate Configuration tab page, click Delete on the right of an EK trust certificate to delete it.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot