Contents
1 Description
This instruction describes how to configure an enrollment authority.
In Certificate Management, an online enrollment requires the creation of an EnrollmentAuthority Managed Object (MO), which represents a Certificate Authority (CA) or a Registration Authority (RA).
An EnrollmentAuthority MO can be used by several EnrollmentServer MOs.
2 Procedure
2.1 Configure Enrollment Authority
Prerequisites
- No documents are required.
- No tools are required.
- The following condition must apply:
- The user has the System Security Administrator role.
- A TrustedCertificate MO exists.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
Steps
- Navigate to the CertM MO, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1
- Enter Config mode:
(CertM=1)>configure
- Create the EnrollmentAuthority MO, for example:
(config-CertM=1)>EnrollmentAuthority=1
- Set the Certificate Authority (CA) name, for example:
(config-EnrollmentAuthority=1)>enrollmentAuthorityName="CN=atrcus3409NECertCA,OU=ericssonOAM,O=Ericsson"
Here CN=atrcus3409NECertCA,OU=ericssonOAM,O=Ericsson is an example of a Distinguished Name for a CA enrolling the certificates for O&M node credentials.
- Set the reference to the certificate of the chosen CA,
for example:
(config-EnrollmentAuthority=1)>enrollmentCaCertificate="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1,TrustedCertificate=1"
- Enter a description of the CA, for example:
(config-EnrollmentAuthority=1)>userLabel="atrcus3409NECertCA O&M Certificate Authority"
- Commit the settings:
(config-EnrollmentAuthority=1)>commit
- Verify the settings:
(EnrollmentAuthority=1)>show
The following is an example output:
EnrollmentAuthority=1 enrollmentAuthorityName="CN=atrcus3409NECertCA,⇒ OU=ericssonOAM,O=Ericsson" enrollmentCaCertificate="ManagedElement=NODE06ST,⇒ SystemFunctions=1,SecM=1,CertM=1,TrustedCertificate=1" userLabel="atrcus3409NECertCA O&M Certificate Authority"