Table of Contents
Advertisement
Virtual Private Networks (VPN)
3. Add a new SCEP client:
(config)> add network scep_client scep_client_name
(config network scep_client scep_client_name
)>
4. Enable the SCEP client:
(config network scep_client scep_client_name)> enable true
(config network scep_client scep_client_name)>
5. Set the url parameter to the fully qualified domain name or IP address of the SCEP server:
(config network scep_client scep_client_name)> server url
https://scep.example.com
(config network scep_client scep_client_name)>
6. (Optional) Set a CA identity string that will be understood by the certificate authority. For
example, it could be a domain name or a user name. If the certificate authority has multiple
CA certificates, this field can be used to distinguish which is required.
(config network scep_client scep_client_name)> server ca_ident string
(config network scep_client scep_client_name)>
7. Set the HTTP URL path required for accessing the certificate authority. You should leave this
option at the default of /cgi-bin/pkiclient.exe unless directed by the CA to use another path.
(config network scep_client scep_client_name)> server path path
(config network scep_client scep_client_name)>
8. Set the challenge password as configured on the SCEP server:
(config network scep_client scep_client_name)> server password challenge_
password
(config network scep_client scep_client_name)>
9. Set Distinguished Name attributes:
a. Set the Domain Component:
(config network scep_client scep_client_name)> distinguished_name dc
value
(config network scep_client scep_client_name)>
b. Set the two letter Country Code:
(config network scep_client scep_client_name)> distinguished_name c
value
(config network scep_client scep_client_name)>
c. Set the State or Province:
IX30 User Guide
IPsec
383
Advertisement
Table of Contents
