Chapter 20
Certificate Authority Server
CA Server Wizard: Welcome
CA Server Wizard: Certificate Authority Information
OL-4015-12
affected if the router needs to be rebooted. If your organization does not have
an NTP server, you may want to use a publicly available server, such as the
server described at the following URL:
http://www.eecis.udel.edu/~mills/ntp/clock2a.html
DNS not configured—Specifying DNS servers helps ensure that the router is
•
able to contact the certificate server. DNS configuration is required to contact
the CA server and any other server related to certificate enrollment such as
OCSP servers or CRL repositories if those servers are entered as names and
not as IP addresses.
Domain and/or Hostname not configured—It is recommended that you
•
configure a domain and hostname before beginning enrollment.
The Certificate Authority (CA) server wizard guides you through the
configuration of a CA server. Be sure to have the following information before
you begin:
General information about the CA server—The name that you intend to give
•
the server, the certificate issuer name that you want to use, and the username
and password that enrollees will be required to enter when sending an
enrollment request to the server.
More detailed information about the server—Whether the server will operate
•
in Registration Authority (RA) mode or Certificate Authority (CA) mode, the
level of information about each certificate that the server will store, whether
the server should grant certificates automatically, and the lifetimes of the
certificates granted, and open enrollment requests.
Supporting information—Links to the RA server that will store the
•
certificates and to the Certificate Revocation List Distribution Point (CDP)
server.
Enter basic information about the
window.
Cisco Router and Security Device Manager 2.5 User's Guide
CA
server that you are configuring in this
Create CA Server
20-3