Motorola WiNG 5.7.1 System Reference Manual page 591

5. If creating a new Crypto CMP policy assign it a
6. Set the Certificate Renewal Timeout
resource. The range is 1-60 days. The default is 14 days.
The expiration of the certificate is checked once a day. When a certificate is about to expire a certificate renewal is initiated
with the server via an existing IPsec tunnel. If the tunnel is not established, the CMP renewal request is not sent. If a
renewal succeeds the newly obtained certificate overwrites an existing certificate. If the renewal fails, an error is logged.
7. Select Certificate Update
8. Select + Add Row and define the following
Enable
IP
Path
Port
9. Set the following Trust Points
various services as specifically set the controller, service platform or access point.
Name
Subject Name
Figure 7-8 Crypto CMP Policy Creation screen
Name up to 31 characters to help distinguish it.
period to trigger a new certificate renewal request with the dedicated CMP server
to automatically trigger a certificate update request when a certificate expires.
CMS Server Configuration
Use the drop-down menu to set the CMS server as either the Primary (first choice) or Secondary
(secondary option) CMP server resource.
Define the IP address for the CMP CA server managing digital certificate requests. CMP
certificates are encrypted with CA's public key and transmitted to the defined IP destination
over a typical HTTP or TLS session.
Provide a complete path to the CMP CA's trustpoint.
Provide a CMP CA port number.
settings. Use the + Add Row
Enter the 32 character maximum name assigned to the target trustpoint. A trustpoint represents
a CA/identity pair containing the identity of the CA, CA specific configuration parameters, and
an association with an enrolled identity certificate. This field is mandatory.
Provide a subject name of up to 512 characters for the certificate template example. This field
is mandatory.
settings for the server resource:
button to add a row to this table. The trustpoint is used for
7 - 13