1-5The configuration of an entity DN must comply with the CA certificate issue policy. You need todetermine, for example, which entity DN parameters are mandatory and which are optional. Otherwise,certificate request may be rejected.Follow these steps to configure an entity DN:To do… Use the command… RemarksEnter system view system-view —Create an entity and enter itsview pki entity entity-name RequiredNo entity exists by default.Configure the common namefor the entity common-name nameOptionalNo common name is specifiedby default.Configure the country code forthe entity country country-code-strOptionalNo country code is specified bydefault.Configure the FQDN for theentity fqdn name-strOptionalNo FQDN is specified bydefault.Configure the IP address forthe entity ip ip-addressOptionalNo IP address is specified bydefault.Configure the locality of theentity locality locality-nameOptionalNo locality is specified bydefault.Configure the organizationname for the entity organization org-nameOptionalNo organization is specified bydefault.Configure the unit name for theentityorganization-unitorg-unit-nameOptionalNo unit is specified by default.Configure the state or provincefor the entity state state-nameOptionalNo state or province isspecified by default.z Currently, up to two entities can be created on a device.z The Windows 2000 CA server has some restrictions on the data length of a certificate request. Ifthe entity DN in a certificate request goes beyond a certain limit, the server will not respond to thecertificate request.
