Table of Contents
Advertisement
CEP Enrollment
Click Submit.
5.
CEP Enrollment
Note: This feature is supported in legacy enrollment only. CMS can issue
certificates to a wide variety of entities, such as web browsers, SSL-enables servers,
routers, virtual private network (VPN) clients, and so on. This section explains how
you can configure CMS to issue router and VPN-client certificates.
About CEP Enrollment
Cisco routers support the use of certificates for authentication, encryption, and
tamper detection by using the IP Security (IPSec) protocol. CMS supports Cisco's
PKI protocol, the Certificate Enrollment Protocol (CEP); this protocol runs over
HTTP and provides its own form of encryption. For an overview of certificate
authority support for IPSec, see the information available at this URL:
http://www.cisco.com/warp/public/cc/cisco/mkt/security/
encryp/prodlit/821_pp.htm
You can issue certificates to routers and CEP-compliant Virtual Private Network
(VPN) clients using CMS. Routers use certificates to authenticate each other and to
establish an encrypted IPSec channel between them; all TCP/IP communication
passes through this encrypted channel.
CMS is set up to support issuance of certificates to routers and VPN clients using
the CEP-based enrollment. The CEP enrollment URL is in the following form:
http://<DNS hostname>:<HTTP_port>/cgi-bin/pkiclient.exe
Note that older routers may require that the port associated with this enrollment is
the default web server port, port
In order to publish these certificates to an LDAP-compliant directory, you need to
perform some additional configuration to accommodate the needs of routers and
VPN clients, which need to retrieve certificates and CRLs via LDAP.
412
Netscape Certificate Management System Administrator's Guide • June 2003
.
80
Advertisement
Table of Contents
