NB3700 User Manual 3.8
Parameter SCEP Configuration
Request timeout The max. polling time in seconds for a certificate request
When enrolling certificates, the CA certificate will be initially fetched from the specified
SCEP URL using the getca operation. It will be shown on the configuration page and
it has to be verified that it belongs to the correct authority. Otherwise, the CA must be
rejected. This part is essential when using SCEP as it builds up the chain of trust.
If a certificate enrollment request times out, it is possible to re-trigger the interrupted
enrollment request and it will be resumed using the previously generated key. In case a
request has been rejected, you are required to erase the certificate first and then start
the enrollment process all over again.
Authorities
For SSL client connections (as used by SDK functions or when downloading configura-
tion/software images) you might upload a list of CA certificates which are considered
trusted.
To obtain the CA certificate from a particular site with Mozilla Firefox, the following
steps will be required:
• Point the browser to the relevant HTTPS website
• Click the padlock in the address bar
• Click the More Information and the View Certificate button
• Select the Details tab press the Export button
• Choose a path for the file (e.g. website.pem)
The PEM-encoded X.509 certificate files can be edited and appended using a simple
editor and then uploaded to the box. Once present, an SSL client connection will
terminate if verification with any of those CA certificates fails.
156
To Next Page
Loading...
