Example: SCEP Client Configuration With Fortinet SCEP Server - Digi IX30 User Manual

Virtual Private Networks (VPN)
16. (Optional) Enable verbose logging in /var/log/scep_client:
(config network scep_client scep_client_name)> debug true
(config network scep_client scep_client_name)>
17. Save the configuration and apply the change:
(config network scep_client scep_client_name)> save
Configuration saved.
>
18. Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection
menu. Type quit to disconnect from the device.

Example: SCEP client configuration with Fortinet SCEP server

In this example configuration, we will configure the IX30 device as a SCEP client that will connect to a
Fortinet SCEP server.
Fortinet configuration
On the Fortinet server:
1. Enable ports for SCEP services:
a. From the menu, select Network > Interfaces.
b. Select the appropriate port and click Edit.
c. For Access Rights > Services, enable the following services:
- HTTPS > SCEP
- HTTPS > CRL Downloads
- HTTP > SCEP
- HTTP > CRL Downloads
d. The remaining fields can be left at their defaults or changed as appropriate.
e. Click OK.
2. Create a Certificate Authority (CA):
a. From the menu, click Certificate Authorities > Local CAs.
b. Click Create New.
c. Type a Certificate ID for the CA, for example, fortinet_example_ca.
d. Complete the Subject Information fields.
e. The remaining fields can be left at their defaults or changed as appropriate.
f. Click OK.
3. Edit SCEP settings:
a. From the menu, click SCEP > General.
b. Click Enable SCEP if it is not enabled.
c. For Default enrollment password, enter a password. The password entered here must
correspond to the challenge password configured for the SCEP client on the IX30 device.
