Digi IX30 User Manual page 381

Virtual Private Networks (VPN)
5. Click Enable to enable the SCEP client.
6. For Maximum Polling Time, type the maximum time that the device will poll the SCEP server,
when operating in manual mode.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}.
For example, to set Maximum Polling Time to ten minutes, enter 10m or 600s.
The default is 1d.
7. For Polling Interval, type the amount of time that the device should wait between polling
attempts, when operating in manual mode.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}.
For example, to set Polling Interval to ten minutes, enter 10m or 600s.
The default is 5s.
8. For Key Length, type the bit size of the private key. The default is 2048.
9. For Renewable Time, type the number of days that the certificate enrollment can be renewed,
prior to the request expiring. This value is configured on the SCEP server, and is used by the
IX30 device to determine when to start attempting to auto-renew an existing certificate. The
default is 7.
10. (Optional) Click Debug to enable verbose logging in /var/log/scep_client.
11. Click to expand SCEP server.
12. For FQDN, type the fully qualified domain name or IP address of the SCEP server.
13. (Optional) For CA identity, type a string that will be understood by the certificate authority.
For example, it could be a domain name or a user name. If the certificate authority has
multiple CA certificates, this field can be used to distinguish which is required.
14. For Path, Type the HTTP URL path required for accessing the certificate authority. You should
leave this option at the default of /cgi-bin/pkiclient.exe unless directed by the CA to use
another path.
15. For Password, type the challenge password as configured on the SCEP server.
16. For Encryption Algorithm, select the PKCS#7 encryption algorithm. The default is Auto, which
automatically selects the best algorithm.
17. For Signature Algorithm, select the PKCS#7 signature algorithm. The default is Auto, which
automatically selects the best algorithm.
IX30 User Guide
IPsec
381