Contents
1 Introduction
This document describes how to configure an enrollment authority.
In Certificate Management, an online enrollment requires the creation of an EnrollmentAuthority Managed Object (MO), which represents a Certificate Authority (CA) or a Registration Authority (RA).
An EnrollmentAuthority MO can be used by several EnrollmentServer MOs.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- A TrustedCertificate MO exists.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To configure an enrollment authority:
- Navigate to the CertM MO, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1
- Enter Config mode:
(CertM=1)>configure
- Create the EnrollmentAuthority MO, for example:
(config-CertM=1)>EnrollmentAuthority=1
- Set the CA authority name, for example:
(config-EnrollmentAuthority=1)>enrollmentAuthorityName="CN=atrcus3409NECertCA,OU=ericssonOAM,O=Ericsson"
Here CN=atrcus3409NECertCA,OU=ericssonOAM,O=Ericsson is an example of a Distinguished Name for a CA enrolling the certificates for O&M node credentials.
- Set the reference to the certificate of the chosen CA
authority, for example:
(config-EnrollmentAuthority=1)>enrollmentCaCertificate="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,CertM=1,TrustedCertificate=1"
- Enter a description of the CA, for example:
(config-EnrollmentAuthority=1)>userLabel="atrcus3409NECertCA O&M Certificate Authority"
- Commit the settings:
(config-EnrollmentAuthority=1)>commit
- Verify the settings:
(EnrollmentAuthority=1)>show
The following is an example output:
EnrollmentAuthority=1 enrollmentAuthorityName="CN=atrcus3409NECertCA,OU=⇒ ericssonOAM,O=Ericsson" enrollmentCaCertificate="ManagedElement=NODE06ST,SystemFunctions=1,⇒ SecM=1,CertM=1,TrustedCertificate=1" userLabel="atrcus3409NECertCA O&M Certificate Authority"