Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
535
14. For Path, Type the HTTPURL path required for accessing the certificate authority. You should
leavethis option at the default of /cgi-bin/pkiclient.exe unlessdirected by the CAto use
another path.
15. For Password, type the challenge password as configured on the SCEPserver.
16. For Encryption Algorithm, select the PKCS#7 encryption algorithm. The default is Auto, which
automatically selects the best algorithm.
17. For Signature Algorithm, select the PKCS#7 signature algorithm. The default is Auto, which
automatically selects the best algorithm.
18. Click to expand Distinguished Name.
19. Typethe value for each appropriate Distinguished Name attribute.
20. (Optional) Configure the certificate revocation list (CRL):
a. Click to expand CRL.
b. Click Enable to enable the CRL.
c. For Type, select the type of CRL:
n
URL: The URLto the file name used to access the certificate revocation list from the
CA.
n
CRLDP: The CRL distribution point.
n
getCRL: ACRL query using the issuer name and serial number from the certificate
whose revocation statusisbeing queried.
The default is URL.
d. If Type is set to URL, for URL, type the URL to beused.
21. Configure certificate renewal:
a. Click to expand Renewal.
b. Click Use New Private Key to enable the creation of a new private key for renewal
requests.
c. Use Client Certificate isenabled by default. Click to disable the use of a client certificate
for renewal requrests.
22. Click Apply to save the configuration and apply the change.
Command line
To Next Page
Loading...