Manage X.509 certificates and host key pairs
Digi TransPort User Guide 792
Enrolment Password
Before you can create a certificate request, you must first obtain a challenge password from
the Certificate Authority Server. This password is generally obtained from the SCEP CA server
by way of a web server or a phone call to the CA Server Administrator. For the Microsoft®
SCEP server, you browse to a web interface. If the server requires a challenge password, it is
displayed on the page along with the CA certificate fingerprint. This challenge password is
usually valid only once and for a short period of time, in this case 60 minutes, meaning the
certificate request must be created after retrieving the challenge password and before it expires.
Common Name (CN)
A name for the router. This parameter is important, as the common name will be used as the
router’s ID for IKE negotiations.
Country Code (C)
The two-character country code for the country in which the router is located. A list of valid
country codes can be found at http://www.iso.org/iso/english_country_names_and_code_elements.
State or Province (ST)
The state, county, or province in which the router is located.
Locality (L)
The town or city in which the router is located.
Organisation (O)
The company to which the router belongs.
Organisational Unit (OU)
The company department maintaining the router.
E-mail
An appropriate email address of a contact for the router.
Unstructured Name
This parameter is optional. It can contain some descriptive text to help identify the certificate.
Digest Algorithm
The digest algorithm used (MD5 or SHA1) when signing the certificate request.
Ignore NONCE in SCEP response
This parameter instructs the router to ignore the NONCE field in the SCEP response. The
NONCE field is primarily used to prevent replay attacks.
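The check that this option switches off, modelled as an added example (not Digi's code): the client remembers the senderNonce of each request and accepts a response only if its recipientNonce matches. The field names follow SCEP; the class and function names, the transaction ID, the retry that reuses the same ID, and the omission of message signing are assumptions made for illustration.

```python
import hmac
import secrets


class ScepClient:
    """Tracks the senderNonce of each outstanding request (model only)."""

    def __init__(self, ignore_nonce=False):
        self.ignore_nonce = ignore_nonce   # models "Ignore NONCE in SCEP response"
        self.pending = {}                  # transactionID -> senderNonce

    def new_request(self, transaction_id):
        nonce = secrets.token_bytes(16)    # fresh random nonce per request
        self.pending[transaction_id] = nonce
        return {"transactionID": transaction_id, "senderNonce": nonce}

    def accept_response(self, resp):
        expected = self.pending.get(resp["transactionID"])
        if expected is None:
            return False                   # no outstanding request for this ID
        if not self.ignore_nonce and not hmac.compare_digest(
                expected, resp["recipientNonce"]):
            return False                   # stale or replayed response
        del self.pending[resp["transactionID"]]
        return True


def ca_reply(request):
    """Constructed CA stand-in: echoes senderNonce back as recipientNonce."""
    return {"transactionID": request["transactionID"],
            "recipientNonce": request["senderNonce"],
            "senderNonce": secrets.token_bytes(16)}


def replay_accepted(ignore_nonce):
    """True if a response recorded earlier is accepted for a later request."""
    client = ScepClient(ignore_nonce)
    first = client.new_request("txn-1")        # constructed transaction ID
    recorded = ca_reply(first)
    assert client.accept_response(recorded)    # legitimate first exchange
    client.new_request("txn-1")                # assumed retry with the same ID
    return client.accept_response(recorded)    # old response presented again


if __name__ == "__main__":
    print("nonce checked:", replay_accepted(False))
    print("nonce ignored:", replay_accepted(True))
```

With the nonce checked, the recorded response is rejected for the second request; with the option enabled, it is accepted.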