Certificate Issuance to Routers or VPN Clients
## Router configuration
eeGateway.cep.cep1.appendDN=O=*BASE_DN*
eeGateway.cep.cep1.createEntry=true
eeGateway.cep.cep1.entryObjectClass=cep
eeGateway.cep.cep1.url=/cgi-bin/pkiclient.exe
eeGateway.cep.cep1.authName=flatfile_router
## VPN configuration
eeGateway.cep.cep2.url=/vpnenroll
eeGateway.cep.cep2.authName=flatfile_VPN
## Router authentication parameters in the configuration file
auths.instance.flatfile_router.fileName=
auths.instance.flatfile_router.authAttributes=pwd
auths.instance.flatfile_router.keyAttributes=UNSTRUCTUREDNAME
auths.instance.flatfile_router.pluginName=flatfile
auths.instance.flatfile_router.deferOnFailure=true
## VPN authentication parameters in the configuration file
auths.instance.flatfile_VPN.fileName=
<full_path_to_the_authentication_file>
auths.instance.flatfile_VPN.authAttributes=pwd
auths.instance.flatfile_VPN.keyAttributes=CN,OU,O
auths.instance.flatfile_VPN.pluginName=flatfile
auths.instance.flatfile_VPN.deferOnFailure=false
## FlatFileAuth plugin registered in the configuration file
auths.impl.flatfile.class=com.netscape.certsrv.authentication.
FlatFileAuth
When setting up multiple CEP services, you can use the
differentiate one CEP service from another. For example, if you're setting up
separate CEP services for router and VPN-client certificates and want to set
different extensions in these certificates, you can make that happen with the help of
predicates; see Table 18-2 on page 564.
Certificate Issuance to Routers or VPN Clients
In general, issuing a certificate to a router involves the following steps:
•
Step 1. Before You Begin
•
Step 2. Generate the Key Pair for the Router
•
Step 3. Request the CA's Certificate
•
Step 4. Submit the Certificate Request to the CA
800
Netscape Certificate Management System Installation and Setup Guide • March 2002
<full_path_to_the_authentication_file>
attribute to
cepsubstore