Configuring a PKI Trust Domain
A PKI trust domain contains all the configuration information that is used to apply for a PKI local certificate, such as the key pair, enrollment type, and subject. This section describes how to configure a PKI trust domain.
Creating a PKI Trust Domain
To create a PKI trust domain, take the following steps:
- Select Objects > PKI from the menu bar.
- In the PKI Management dialog, click the Trust Domain tab, and then click New.
- In the PKI Configuration dialog, type the name for the trust domain into the Trust domain box, and click an enrollment type. There are two enrollment types available:
  - Manual enrollment: Enrolls a certificate from a terminal (by cutting and pasting).
  - Self-signed certificate: Creates a self-signed certificate.
  If Manual enrollment is selected, you need to import a CA certificate on the CA certificate page (click Browse to select a certificate, and then click Import).
- Click Next and configure Basic and Subject for the trust domain on the next page.
  - Trust domain: Displays the name of the trust domain.
  - Key pair: Specifies a key pair for the trust domain.
  - Name: Specifies a common name.
  - Country (Region): Specifies a country (region). Only 1 or 2 characters are permitted, such as CN. (Optional)
  - Locality: Specifies a locality. (Optional)
  - State/Province: Specifies a state or province. (Optional)
  - Organization: Specifies an organization. (Optional)
  - Organization unit: Specifies an organization unit. (Optional)
  - Enroll: Click this button to apply for a certificate.
- Click Next to configure CRL options on the next page.
  - Check: Configures how to check the CRL.
    - No check - System will not check the CRL. This is the default option.
    - Optional - System will still accept the peer's authentication even if the CRL is not available.
    - Force - System will not accept the peer's authentication unless the CRL is available.
  - Auto refresh: Configures an auto refresh frequency for the CRL.
    - Hrs - Refreshes once per hour.
    - Daily - Refreshes once per day.
    - Every week - Refreshes once per week.
  - URL1: Specifies a URL from which to retrieve the CRL. System supports up to 3 URLs, and uses them in turn, in the order URL1, URL2 and URL3.
  - URL2: Specifies a URL from which to retrieve the CRL.
  - URL3: Specifies a URL from which to retrieve the CRL.
  - Retrieve CRL: Click the button to download the CRL.
- Click OK to save your settings and return to the PKI Management dialog.
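The three Check modes and the URL1 to URL3 order described above decide whether a peer is accepted when the CRL cannot be fetched. The following model is an added example, not the device's own code. It assumes that an unreachable URL falls through to the next one and that a serial listed in a retrieved CRL is rejected in both Optional and Force; `fake_fetch` and the example.test URLs are hypothetical, constructed stand-ins.

```python
from enum import Enum

class CrlCheck(Enum):
    NO_CHECK = "No check"  # the page's default
    OPTIONAL = "Optional"
    FORCE = "Force"

def retrieve_crl(urls, fetch):
    """Try URL1..URL3 in order; return (revoked_serials, url) or (None, None)."""
    for url in urls[:3]:  # the page allows at most 3 URLs
        if not url:
            continue
        try:
            return set(fetch(url)), url
        except OSError:
            continue  # assumption: an unreachable URL falls through to the next
    return None, None

def accept_peer(serial, mode, urls, fetch):
    """Return (accepted, reason) for a peer certificate serial number."""
    if mode is CrlCheck.NO_CHECK:
        return True, "CRL not consulted"
    revoked, url = retrieve_crl(urls, fetch)
    if revoked is None:
        if mode is CrlCheck.FORCE:
            return False, "CRL unavailable, fail closed"
        return True, "CRL unavailable, fail open"
    # assumption: a listed serial is rejected in both Optional and Force
    if serial in revoked:
        return False, f"revoked per {url}"
    return True, f"not listed in {url}"

# Constructed sample data: only the second distribution point answers.
CRLS = {"http://crl2.example.test/ca.crl": ["0A1B"]}
URLS = ["http://crl1.example.test/ca.crl", "http://crl2.example.test/ca.crl", ""]
DOWN = ["http://crl1.example.test/ca.crl"]

def fake_fetch(url):
    """Hypothetical stand-in for download + CRL parsing; returns revoked serials."""
    if url not in CRLS:
        raise OSError("unreachable")
    return CRLS[url]

if __name__ == "__main__":
    for mode in CrlCheck:
        for label, urls in (("CRL reachable", URLS), ("CRL down", DOWN)):
            print(mode.value, label, accept_peer("0A1B", mode, urls, fake_fetch))
```

In this model only Force rejects the revoked serial when no CRL URL is reachable; No check accepts it in every case.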
Editing a PKI Trust Domain
To edit a PKI trust domain, take the following steps:
- Select Objects > PKI from the menu bar.
- In the PKI Management dialog, click the Trust Domain tab.
- Select the trust domain you want to edit from the domain list, and click Edit.
- In the PKI Configuration dialog, modify the settings as needed.
- Click OK to save your changes.
Deleting a PKI Trust Domain
To delete a PKI trust domain, take the following steps:
- Select Objects > PKI from the menu bar.
- In the PKI Management dialog, click the Trust Domain tab.
- Select the trust domain you want to delete from the domain list, and click Delete.
Viewing PKI Trust Domain Details
To view a PKI trust domain's details, take the following steps:
- Select Objects > PKI from the menu bar.
- In the PKI Management dialog, click the Trust Domain tab.
- Select a trust domain from the domain list, and click Details.
- In the PKI Trust Domain Details dialog, view the trust domain's details. Click Back to close the dialog.