Network Configuration 7 - 13
Figure 7-8 Crypto CMP Policy Creation screen
5. If creating a new Crypto CMP policy, assign it a Name of up to 31 characters to help distinguish it.
6. Set the Certificate Renewal Timeout period to trigger a new certificate renewal request with the dedicated CMP server resource. The range is 1-60 days. The default is 14 days.
The expiration of the certificate is checked once a day. When a certificate is about to expire, a certificate renewal is initiated with the server via an existing IPsec tunnel. If the tunnel is not established, the CMP renewal request is not sent. If a renewal succeeds, the newly obtained certificate overwrites the existing certificate. If the renewal fails, an error is logged.
7. Select Certificate Update to automatically trigger a certificate update request when a certificate expires.
8. Select + Add Row and define the following Crypto CMP Policy settings for the server resource:
Enable: Use the drop-down menu to set the CMP server as either the Primary (first choice) or Secondary (secondary option) CMP server resource.
IP: Define the IP address for the CMP CA server managing digital certificate requests. CMP certificates are encrypted with the CA's public key and transmitted to the defined IP destination over a typical HTTP or TLS session.
Path: Provide a complete path to the CMP CA’s trustpoint.
Port: Provide a CMP CA port number.
9. Set the following Trust Points settings. The trustpoint is used for various services as specifically set for the controller, service platform or access point.
Name: Enter the 32 character maximum name assigned to the target trustpoint. A trustpoint represents a CA/identity pair containing the identity of the CA, CA specific configuration parameters, and an association with an enrolled identity certificate. This field is mandatory.
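The daily expiry check from step 6, modelled as an added audit script (not code from this guide or the vendor): it reads `openssl x509 -enddate` style lines and flags trustpoints that are inside the renewal window, including the case where the IPsec tunnel is down and no CMP request would be sent. The trustpoint names, dates, tunnel states and status labels are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Range and default of the Certificate Renewal Timeout, as stated in step 6.
MIN_DAYS, MAX_DAYS, DEFAULT_DAYS = 1, 60, 14


def parse_not_after(line):
    """Parse 'notAfter=Jun  1 12:00:00 2025 GMT' (openssl x509 -enddate output)."""
    value = line.strip().split("=", 1)[-1]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def renewal_status(not_after, now, timeout_days=DEFAULT_DAYS, tunnel_up=True):
    """Classify one certificate the way the once-a-day check would see it."""
    if not MIN_DAYS <= timeout_days <= MAX_DAYS:
        raise ValueError("renewal timeout must be 1-60 days")
    days_left = (not_after - now).total_seconds() / 86400
    if days_left <= 0:
        return "expired"
    if days_left > timeout_days:
        return "valid"
    # Inside the renewal window: the request only goes out over an
    # established IPsec tunnel, so a down tunnel means no renewal attempt.
    return "renewal-due" if tunnel_up else "renewal-blocked"


def audit(inventory, now, timeout_days=DEFAULT_DAYS):
    """Return {trustpoint: status} for every certificate needing attention."""
    report = {}
    for name, enddate_line, tunnel_up in inventory:
        not_after = parse_not_after(enddate_line)
        status = renewal_status(not_after, now, timeout_days, tunnel_up)
        if status != "valid":
            report[name] = status
    return report


# Constructed sample inventory: (trustpoint name, enddate line, tunnel state).
SAMPLE = [
    ("tp-branch-1", "notAfter=Dec 31 23:59:59 2025 GMT", True),
    ("tp-branch-2", "notAfter=Jun 10 00:00:00 2025 GMT", True),
    ("tp-branch-3", "notAfter=Jun  5 00:00:00 2025 GMT", False),
    ("tp-branch-4", "notAfter=May 30 00:00:00 2025 GMT", True),
]
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # constructed "today"

if __name__ == "__main__":
    for tp, status in audit(SAMPLE, NOW).items():
        print(f"{tp}: {status}")
```

A "renewal-blocked" result is the case to alert on, since the device sends no request and the certificate will lapse unless the tunnel is restored.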