Table of Contents
Advertisement
Table 9-1
CEP service-related configuration parameters in the configuration file
Parameter
Description
Specifies whether to create an entry in the directory before publishing
createEntry
the certificate. Note that to publish a certificate, an entry must already
exist for the DN in the directory.
• Enter true if you want the Certificate Manager to create an entry
• Enter false if an entry already exists in the directory and you
Specifies the URL for CEP enrollment. It is used if the router requests
url
a subject name such as
unstructuredAddress=1.2.3.4+unstructuredName=
fred.example.com. You will need to append the DN to add-on
O=example.com as otherwise publishing to the directory will not
work.
Specifies the type of object to assign to the new entry. By default, this
entryObject
is cep, and should not be changed. Note that when
Class
createEntry=true, the Certificate Manager will attempt to create
an entry for the user. The directory hierarchy must be set up correctly
beforehand to accept new entries.
Certificate Issuance to Routers or VPN Clients
In general, issuing a certificate to a router involves the following steps:
Note or print the certificate fingerprint information of the Certificate Manager
1.
CA signing certificate. You will be required to compare this with the fingerprint
the router will show on the screen.
To locate the fingerprint information:
Go to the end-entity page hosted by the Certificate Manager.
a.
Click the Retrieval tab.
b.
List or search for the CA signing certificate.
c.
Click Details.
d.
Scroll down to the section that says "Certificate fingerprint."
e.
if one does not already exist (true/false).
don't want the server to create one.
CEP Enrollment
Chapter 9
Authentication
421
Advertisement
Table of Contents
