Digi IX10 User Manual page 364

Virtual Private Networks (VPN)
1. Select the device in Remote Manager and click Actions > Open Console, or log into the IX10
local command line as a user with full Admin access rights.
Depending on your device configuration, you may be presented with an Access selection
menu. Type admin to access the Admin CLI.
2. At the command line, type config to enter configuration mode:
> config
(config)>
3. Add a new SCEP client:
(config)> add network scep_client scep_client_name
(config network scep_client scep_client_name
)>
4. Enable the SCEP client:
(config network scep_client scep_client_name)> enable true
(config network scep_client scep_client_name)>
5. Set the url parameter to the fully qualified domain name or IP address of the SCEP server:
(config network scep_client scep_client_name)> server url
https://scep.example.com
(config network scep_client scep_client_name)>
6. (Optional) Set a CA identity string that will be understood by the certificate authority. For
example, it could be a domain name or a user name. If the certificate authority has multiple
CA certificates, this field can be used to distinguish which is required.
(config network scep_client scep_client_name)> server ca_ident string
(config network scep_client scep_client_name)>
7. Set the HTTP URL path required for accessing the certificate authority. You should leave this
option at the default of /cgi-bin/pkiclient.exe unless directed by the CA to use another path.
(config network scep_client scep_client_name)> server path path
(config network scep_client scep_client_name)>
8. Set the challenge password as configured on the SCEP server:
(config network scep_client scep_client_name)> server password challenge_
password
(config network scep_client scep_client_name)>
9. Set Distinguished Name attributes:
a. Set the Domain Component:
(config network scep_client scep_client_name)> distinguished_name dc
value
(config network scep_client scep_client_name)>
b. Set the two letter Country Code:
IX10 User Guide
IPsec
364