Updated on 2022-04-02 GMT+08:00

Configuring the EK Trust Certificate

Context

If the EK certificate is preinstalled on the device, a user uses the RA client to send a challenge value request to the Certificate Authority Service using the privacy CA protocol and imports the EK trust certificate chain. The request contains the public AK and the EK certificate. After receiving the request, the Certificate Authority Service verifies the public AK information and uses the imported EK trust certificate chain to verify the EK certificate. If the verification is successful, the Certificate Authority Service returns the encrypted challenge value.

The user then uses the RA client to send a certificate application request to the Certificate Authority Service using the privacy CA protocol. The request contains the CA name, certificate profile name, subject information, and challenge value. After receiving the request, the Certificate Authority Service checks whether the challenge value has expired and verifies the public AK information. If the verification is successful, the Certificate Authority Service issues the AK certificate.

Procedure

  1. Choose System > About > Certificate Authority Service from the main menu.
  2. Choose Protocol Configuration > Privacy CA Protocol from the navigation tree on the left.
  3. On the EK Trust Certificate Configuration tab page, click Add and set the parameters required for the EK trust certificate.

    For detailed parameter descriptions, see Table 1.

    Table 1 EK trust certificate parameters

    | Parameter | Description | Value |
    |---|---|---|
    | Label | You can customize the name of the EK trust certificate to distinguish different certificate files. | The value must be a string of 1 to 45 characters, including digits, letters, underscores (_), and hyphens (-). The value cannot be "null" or "all" (case-insensitive). |
    | EK trust certificate | Select the local EK trust certificate file and upload it. It is used to verify certificate application requests made through the privacy CA protocol. | The EK trust certificate file to be uploaded must be in .cer, .crt, or .pem format. A maximum of 10 files can be uploaded at a time, and the total file size cannot exceed 100 KB. The certificate file name is a string of 1 to 256 characters containing Chinese characters, digits, letters, underscores (_), hyphens (-), spaces, dots (.), and round brackets. It cannot start with a dot (.) or a space. |

  4. After the configuration is complete, click Submit. On the EK Trust Certificate Configuration tab page, you can view the configured EK trust certificate file.
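The Table 1 limits can be checked locally before upload, together with a SHA-256 fingerprint of each certificate to compare against the value published by the TPM manufacturer. This Python code is an added example, not part of the Certificate Authority Service; the function names are hypothetical, and it assumes that 100 KB means 100 * 1024 bytes, that "Chinese characters" means U+4E00 to U+9FFF, and that round brackets are ASCII parentheses.

```python
import hashlib
import re
import ssl

# Assumed: 100 KB = 100 * 1024 bytes; "Chinese characters" = U+4E00-U+9FFF.
LABEL_RE = re.compile(r"[A-Za-z0-9_-]{1,45}")
NAME_RE = re.compile(r"[\u4e00-\u9fffA-Za-z0-9_\-(). ]{1,256}")
EXTENSIONS = (".cer", ".crt", ".pem")
MAX_FILES, MAX_TOTAL = 10, 100 * 1024

def check_label(label):
    """Return the list of Table 1 violations for the Label value."""
    errors = []
    if not LABEL_RE.fullmatch(label):
        errors.append("label: need 1-45 of digits, letters, _ and -")
    if label.lower() in ("null", "all"):
        errors.append("label: reserved word")
    return errors

def der_of(data):
    """Return DER bytes for PEM or DER input, else None (outer tag only)."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        try:
            data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
        except ValueError:  # bad framing, bad base64 or non-ASCII bytes
            return None
    return data if data[:1] == b"\x30" else None  # DER SEQUENCE tag

def check_batch(files):
    """files: {name: bytes}. Return (errors, {name: SHA-256 fingerprint})."""
    errors, prints = [], {}
    if len(files) > MAX_FILES:
        errors.append("more than 10 files in one upload")
    if sum(len(d) for d in files.values()) > MAX_TOTAL:
        errors.append("total size exceeds 100 KB")
    for name, data in files.items():
        if not NAME_RE.fullmatch(name) or name[0] in ". ":
            errors.append(f"{name!r}: invalid file name")
        if not name.lower().endswith(EXTENSIONS):
            errors.append(f"{name!r}: not .cer, .crt or .pem")
        der = der_of(data)
        if der is None:
            errors.append(f"{name!r}: content is not a certificate")
        else:
            prints[name] = hashlib.sha256(der).hexdigest()
    return errors, prints

if __name__ == "__main__":  # constructed input: a private key saved as .pem
    print(check_batch({"root.pem": b"-----BEGIN PRIVATE KEY-----"}))
```

The content check only looks at PEM framing and the outer DER tag; it does not parse the X.509 structure or validate the chain.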

Related Tasks

  • Viewing an EK trust certificate

    Choose Protocol Configuration > Privacy CA Protocol. On the EK Trust Certificate Configuration tab page, click the icon on the left of an EK trust certificate name to view its details.

  • Searching for an EK trust certificate

    Choose Protocol Configuration > Privacy CA Protocol. On the EK Trust Certificate Configuration tab page, enter the name of an EK trust certificate in the search box, and click the search icon to find the specified certificate and view its details. The Certificate Authority Service supports fuzzy search by the name of the EK trust certificate.

  • Deleting an EK trust certificate

    Choose Protocol Configuration > Privacy CA Protocol. On the EK Trust Certificate Configuration tab page, click Delete on the right of an EK trust certificate to delete it.