378 MDS Orbit MCR/ECR Technical Manual MDS 05-6632A01, Rev. F
Current State – The status of the import task:
- inactive
- transfering
- processing
- cancelling
- complete
- failure
- cancelled
Detailed Message – The details regarding the operation, such as “Transferring CA certificate”
Size – The total number of bytes in the file (not displayed on the web UI)
Bytes Transferred – The number of bytes already transferred or processed (not displayed on
the web UI)
Percent Complete – The percentage complete for the operation
To view the status of the import process in the CLI, ensure the CLI is in operational mode and then follow
the example below:
> show pki firmware-certs import-status
pki ca-certs firmware-certs state complete
pki ca-certs firmware-certs detailed-message “Successfully imported firmware certificate”
pki ca-certs firmware-certs size 1586
pki ca-certs firmware-certs bytes-transferred 1586
pki ca-certs firmware-certs percent-complete 100
3.9.6 SCEP and CA Configuration
The process of interacting with a SCEP server involves getting the currently published certificate(s) from
the CA and then making a request for a client certificate with information and key material.
Before any attempt to interact with the SCEP server, the SCEP server itself and the CA associated with
the SCEP server must be identified, and the certificate information must be defined.
Configuring
The certificate server is defined under certificate-server. In the operation shown below, we define the
SCEP server.
> set pki certificate-servers certificate-server predefined_cert_server server-type scep scep-server-setting uri 10.15.60.39/certserv/mscep/mscep.dll poll-interval 5 retry-count 120 digest-algo sha256 encrypt-algo aes128_cbc
This defines the server that is running the SCEP protocol on an accessible network. The unit prepends
'http://' to the URL, so the scheme must not be entered as part of the uri parameter in the configuration.
Note also that the above is just an example. The IP address, the specific port (if different from the default)
and the path to the .dll, .cgi or other SCEP server mechanism must be obtained from the System
Administration or Security personnel.
The configuration of the Certificate Authority that will be accessed at the above server is set up in a
second command under ca-servers.
> set pki ca-servers ca-server predefined_ca_server ca-fingerprint 8777AF0253204589452ECC3CDB9DEC77
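An added example, not taken from the manual or the product: a workstation-side check that a CA certificate file hashes to the fingerprint supplied out of band, run before that value is entered as ca-fingerprint. It assumes the fingerprint is a hex digest of the DER-encoded certificate and infers the digest from its length (32 hex digits, as in the value above, is the length of an MD5 digest); the function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Assumption: the digest is inferred from the number of hex digits supplied.
DIGEST_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def normalize_fingerprint(text):
    """Drop ':' and whitespace separators, upper-case, and validate as hex."""
    fp = re.sub(r"[:\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]+", fp) or len(fp) not in DIGEST_BY_HEX_LEN:
        raise ValueError("fingerprint must be 32, 40 or 64 hex digits")
    return fp


def fingerprint(der, algo):
    """Upper-case hex digest of the DER bytes, the form used in the manual."""
    return hashlib.new(algo, der).hexdigest().upper()


def ca_fingerprint_matches(pem_text, expected):
    """True only if the certificate hashes to the out-of-band fingerprint."""
    want = normalize_fingerprint(expected)
    got = fingerprint(pem_to_der(pem_text), DIGEST_BY_HEX_LEN[len(want)])
    return hmac.compare_digest(got, want)


# Constructed stand-in: arbitrary bytes wrapped as PEM, not a real CA certificate.
SAMPLE_DER = b"constructed stand-in for DER-encoded CA certificate bytes"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    # The manual's example value does not belong to the stand-in, so this is False.
    print(ca_fingerprint_matches(SAMPLE_PEM, "8777AF0253204589452ECC3CDB9DEC77"))
```

A mismatch means the certificate file and the fingerprint did not come from the same CA, and the value should not be configured until the discrepancy is resolved with whoever issued it.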
The fingerprint of the CA server is another data item obtained from the System Administrator or Security
personnel. The CA server name is the name that will be referenced in the SCEP operations described
below. In general, it is simply for reference and does not have to be a specific name. In fact, it can be the
same name as the ca-server if this helps to remember it. Also, client certificate information that goes in