Table 3-3 Variables Returned by the Approve Revocation Interface (Continued)

Variable        Description
serialNumber    number. The decimal serial number of the certificate.

Certificate Enrollment Protocol Interface

Description

URI: /cgi-bin/pkiclient.exe
Available on: Certificate Manager and Registration Manager
Function: Handles Certificate Enrollment Protocol (CEP) requests from devices
such as Virtual Private Network (VPN) routers.

VPN routers use CEP to enroll in and get information about their PKI. The
Certificate Enrollment Protocol interface uses CEP to issue new certificates,
distribute Certificate Revocation List (CRL) data, and distribute the CA certificate.

Default Forms

There are no forms that use the Certificate Enrollment Protocol. The interface is
provided so that VPN clients, such as routers, can use CEP to interact with the PKI.

Request Parameters

You will not generally develop your own request forms or response templates for
use with CEP. The Certificate Enrollment Protocol interface complies with the CEP
protocol developed by Cisco, so if your application or device uses this protocol it
will be able to use the Certificate Enrollment Protocol Interface.

To use the interface with a Cisco router, for example, you configure the router to
point to the end-entity gateway port using the router's enrollment url command.
You can then use crypto ca enroll to request a certificate:

> crypto ca identity Example
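Because CEP distributes the CA certificate over plain HTTP, a client should compare what it receives with a fingerprint obtained out of band before trusting it. The following is an added example, not code from this manual or the product: it builds a request URL for the URI above and checks a response. The GetCACert operation name and the two content types follow the published CEP/SCEP specification; the host, port, CA identifier, and the use of a SHA-256 pin are assumptions, and the sample body is constructed.

```python
import hashlib
import hmac
from urllib.parse import urlencode, urlunsplit

CEP_PATH = "/cgi-bin/pkiclient.exe"  # URI of the CEP interface, from this page

def cep_url(host, port, operation, message=""):
    """Build a CEP GET URL; host and port are deployment-specific assumptions."""
    query = urlencode({"operation": operation, "message": message})
    return urlunsplit(("http", f"{host}:{port}", CEP_PATH, query, ""))

def normalize_fp(fp):
    """Turn 'AA:BB:...' or 'aa bb ...' into bare lowercase hex."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

def check_ca_cert(content_type, body, pinned_sha256):
    """Validate a GetCACert response against a fingerprint obtained out of band.

    Returns (ok, reason). Only the single-certificate response is accepted here.
    """
    ctype = content_type.split(";")[0].strip().lower()
    if ctype == "application/x-x509-ca-ra-cert":
        return False, "CA+RA bundle (PKCS#7): extract the CA certificate first"
    if ctype != "application/x-x509-ca-cert":
        return False, f"unexpected content type: {ctype!r}"
    if not body or body[0] != 0x30:  # a DER certificate starts with SEQUENCE
        return False, "body is not DER"
    actual = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(actual, normalize_fp(pinned_sha256)):
        return False, f"fingerprint mismatch, got {actual}"
    return True, "fingerprint matches"

# Constructed stand-in for a DER response body (not a real certificate).
SAMPLE_BODY = bytes([0x30, 0x82, 0x01, 0x0A]) + bytes(266)
# Constructed pin: in practice this comes from the CA administrator.
SAMPLE_PIN = hashlib.sha256(SAMPLE_BODY).hexdigest().upper()

if __name__ == "__main__":
    print(cep_url("ca.example.com", 8080, "GetCACert", "Example"))
    print(check_ca_cert("application/x-x509-ca-cert", SAMPLE_BODY, SAMPLE_PIN))
    print(check_ca_cert("application/x-x509-ca-cert", SAMPLE_BODY + b"\x00", SAMPLE_PIN))
```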
Chapter 3
End-Entity Interface Reference