MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 373
User Name - For FTP and SFTP, the user name on the remote server
Password - For FTP and SFTP, the password on the remote server
Control Port - For FTP, the TCP control port (advanced setting - use default)
Data Port - For FTP, the TCP data port (advanced setting - use default)
Block Size - For TFTP, the block size as defined in RFP 2348 (advanced setting - use default)
Timeout - For FTP, TFTP, and SFTP, the timeout in seconds (advanced setting - use default)
Certificate Server Identity – For SCEP, the ID of a predefined certificate server to
communicate with via the SCEP protocol
Issuing CA Server Identity - For SCEP, the ID of a predefined issuing CA server
Certificate Info Identity - For SCEP, the ID of a predefined set of certificate information
used as the source for the common X.509 fields, such as country and locale
Key Identity - For SCEP, the ID of an existing private key used to create the certificate
Import Intent - For SCEP, determines whether to create a new certificate or renew an existing
certificate
CA Challenge String - For SCEP when creating a new certificate, the challenge string from
the CA server that must be provided as part of the new client certificate request
Existing Certificate Identity - For SCEP when renewing an existing certificate, the identity
of the existing client certificate
Existing Key Identity - For SCEP when renewing an existing certificate, the identity of the
private key used to create the existing client certificate
The following example shows how to have the device download a client certificate file (named
cert_2048.pem) from a TFTP server running on a host (address 192.168.1.10) that is accessible from the
MCR (e.g. a locally connected host or remote host accessible via cellular interface). To start the client
certificate import from the CLI, enter the following command to download the client certificate from the
TFTP server:
> request pki client-certs import cert-identity scep_client_cert scep { filename cert_2048.pem
manual-file-server { tftp { address 192.168.1.10 } } }
The following example shows how to have the device import a new client certificate from a predefined
SCEP server that is accessible from the MCR (e.g. a locally connected host or remote host accessible via
cellular interface). To start the client certificate import from the CLI, enter the following command to
download the new client certificate from the SCEP server:
> request pki client-certs import cert-identity scep_client_cert scep {
cert-server-identity predefined_cert_server ca-issuer-identity predefined_ca_server cert-info-
identity predefined_cert_info ca-cert-identity scep_ca_cert private-key-identity
imported_key_2048 ca-challenge 36DE2A1E53BECF9AE5BB3E0B12D4C85E }
The following example shows how to have the device import a renewed client certificate from a
predefined SCEP server that is accessible from the MCR (e.g. a locally connected host or remote host
accessible via cellular interface). To start the client certificate import from the CLI, enter the following
command to download the renewed client certificate from the SCEP server:
> request pki client-certs import cert-identity renewed_scep_client_cert scep { cert-server-
identity predefined_cert_server ca-issuer-identity predefined_ca_server cert-info-identity
predefined_cert_info ca-cert-identity scep_ca_cert private-key-identity imported_key_2048
existing-cert-identity scep_client_cert existing-private-key-identity imported_key_2048 }
Monitoring - Import
Once the import of a client certificate is begun, the process may be cancelled by clicking the Cancel
Import button. The current status of the import process is displayed on the web page. Note that the web
To Next Page
Loading...
Need help?
General
