Table of Contents
Advertisement
Virtual Private Networks (VPN)
13. (Optional) For CA identity, type a string that will be understood by the certificate authority.
For example, it could be a domain name or a user name. If the certificate authority has multiple
CA certificates, this field can be used to distinguish which is required.
14. For Path, Type the HTTP URL path required for accessing the certificate authority. You should
leave this option at the default of /cgi-bin/pkiclient.exe unless directed by the CA to use
another path.
15. For Password, type the challenge password as configured on the SCEP server.
16. For Encryption Algorithm, select the PKCS#7 encryption algorithm. The default is Auto, which
automatically selects the best algorithm.
17. For Signature Algorithm, select the PKCS#7 signature algorithm. The default is Auto, which
automatically selects the best algorithm.
18. Click to expand Distinguished Name.
19. Type the value for each appropriate Distinguished Name attribute.
20. (Optional) Configure the certificate revocation list (CRL):
a. Click to expand CRL.
b. Click Enable to enable the CRL.
c. For Type, select the type of CRL:
n
n
n
The default is URL.
d. If Type is set to URL, for URL, type the URL to be used.
21. Configure certificate renewal:
a. Click to expand Renewal.
b. Click Use New Private Key to enable the creation of a new private key for renewal
requests.
c. Use Client Certificate is enabled by default. Click to disable the use of a client certificate
for renewal requrests.
22. Click Apply to save the configuration and apply the change.
Digi Connect IT® 4 User Guide
URL: The URL to the file name used to access the certificate revocation list from
the CA.
CRLDP: The CRL distribution point.
getCRL: A CRL query using the issuer name and serial number from the certificate
whose revocation status is being queried.
IPsec
360
Advertisement
Table of Contents
