Digi Connect EZ Mini User Manual page 167

Virtual Private Networks (VPN)
1. Enable ports for SCEP services:
a. From the menu, select Network > Interfaces.
b. Select the appopriate port and click Edit.
c. For Access Rights > Services, enable the following services:
n
n
n
n
d. The remaining fields can be left at their defaults or changed as appropriate.
e. Click OK.
2. Create a Certificate Authority (CA):
a. From the menu, click Certificate Authorities > Local CAs.
b. Click Create New.
c. Type a Certificate ID for the CA, for example, fortinet_example_ca.
d. Complete the Subject Information fields.
e. The remaining fields can be left at their defaults or changed as appropriate.
f. Click OK.
3. Edit SCEP settings:
a. From the menu, click SCEP > General.
b. Click Enable SCEP if it is not enabled.
c. For Default enrollment password, enter a password. The password entered here must
correspond to the challenge password configured for the SCEP client on the Connect EZ
device.
d. The remaining fields can be left at their defaults or changed as appropriate.
e. Click OK.
4. Create an Enrollment Request:
a. From the menu, click SCEP > Enrollment Requests.
b. Click Create New.
c. For Automatic request type, select Wildcard.
d. For Certificate authority, select the CA created in step 1, above.
e. Complete the Subject Information fields. The Distinguished Name (DN) attributes entered
here must correspond to the Distinguished Name attributes configured for the SCEP client
on the Connect EZ device.
f. For Renewal > Allow renewal x days before the certified is expired, type the number of
days that the certificate enrollment can be renewed, prior to the request expiring. The
Renewable Time setting on the Connect EZ device must match the setting of this
parameter.
g. The remaining fields can be left at their defaults or changed as appropriate.
h. Click OK.
Connect EZ configuration
On the Connect EZ device:
Digi Connect EZ Mini User Guide
HTTPS > SCEP
HTTPS > CRL Downloads
HTTP > SCEP
HTTP > CRL Downloads
IPsec
167