Login
- Table of Contents
-
- H3C SecPath Security Products FAQ(V7)-6W100
- 00-Preface
- 01-System management and maintenance FAQ
- 02-Device forwarding FAQ
- 03-License management FAQ
- 04-RBM-based hot backup FAQ
- 05-NAT FAQ
- 06-User access and authentication FAQ
- 07-Attack detection and prevention FAQ
- 08-IPS FAQ
- 09-Anti-virus FAQ
- 10-URL filtering FAQ
- 11-File filtering FAQ
- 12-Bandwidth management FAQ
- 13-SSL VPN FAQ
- 14-IPsec FAQ
- 15-Load balancing FAQ
- 16-Mirroring FAQ
- 17-IRF FAQ
- 18-Security policy FAQ
- 19-Security zone FAQ
- 20-ASPF FAQ
- 21-PKI FAQ
- 22-APR FAQ
- 23-DPI FAQ
- 24-Application audit and management FAQ
- 25-Data filtering FAQ
- 26-Data analysis center FAQ
- 27-WAF FAQ
- 28-AFT FAQ
- 29-SSL decryption FAQ
- 30-NetShare control FAQ
- 31-FAQ on Intranet security comprehensive scoring (Security overview)
- 32-Web operations FAQ
- Related Documents
-
21-PKI FAQ
| Title | Size | Download |
|---|---|---|
| 21-PKI FAQ | 15.75 KB |
PKI FAQ
Q. Why does the usage configuration in the PKI domain not take effect?
A. By default, no extensions are specified for certificates in the PKI domain. A certificate can be used by IKE, SSL clients, and SSL servers. The usage command is used to specify the extensions for certificates. The extension options contained in an issued certificate depends on the CA policy, and might be different from those specified in the PKI domain. The usage configuration is not required in the PKI domain. If the usage command is configured in the PKI domain but does not take effect, please verify the actual extensions contained in the certificate issued by the CA server.
Q. Should I save the PKI configuration after requesting a certificate?
A. As a best practice, save the PKI configuration after requesting a certificate. Otherwise, malfunctioning might occur because of mismatch between the PKI configuration and requested certificate.
