Field Description
• SCEP : The key is requested from a CA using the Simple Cer-
tificate Enrolment Protocol.
Generate Private Key Only if Mode = Manual.
Select an algorithm for key creation.
RSA (default value) and DSA are available.
Also select the length of the key to be created.
Possible values: 512, 768, 1024, 1536, 2048, 4096.
Please note that a key with a length of 512 bits could be rated
as unsecure, whereas a key of 4096 bits not only needs a lot of
time to create, but also occupies a major share of the resources
during IPSec processing. A value of 768 or more is, however,
recommended and the default value is 1024 bits.
SCEP URL Only if Mode = SCEP.
Enter the URL of the SCEP server, e.g. ht-
tp://scep.funkwerk.de:8080/scep/scep.dll
Your CA administrator can provide you with the necessary data.
CA Certificate Only if Mode = SCEP.
• -Download-: In CA Name, enter the name of the CA certific-
ate of the certification authority (CA) from which you wish to
request your certificate, e.g. cawindows. Your CA adminis-
trator can provide you with the necessary data.
If no CA certificates are available, the device will first down-
load the CA certificate of the relevant CA. It then continues
with the enrolment process, provided no more important para-
meters are missing. In this case, it returns to the Generate
Certificate Request menu.
If the CA certificate does not contain a CRL distribution point
(Certificate Revocation List, CRL), and a certificate server is
not configured on the device, the validity of certificates from
this CA is not checked.
• <name of an existing certificate>: If all the necessary certific-
ates are already available in the system, you select these
14 VPN Funkwerk Enterprise Communications GmbH
268 bintec W1002/W1002n/W2002/WIx040/WIx065