Enrolling and Installing Certificates
To use digital certificates for authentication, you must first enroll with a CA and obtain and install that CA's certificate on the VPN Concentrator. Only then can you enroll for, and install, an identity certificate issued by the same CA. Digital certificates can be enrolled and installed either manually or automatically. The automatic method is a new feature that uses the Simple Certificate Enrollment Protocol (SCEP), a secure messaging protocol that lets you enroll and install certificates with minimal user intervention, using only the VPN Concentrator Manager. SCEP was introduced in Chapter 11. SCEP is quicker than enrolling and installing digital certificates manually, but it can be used only if the following two conditions are met:

If the CA doesn't support SCEP, or if digital certificates are delivered by other means, such as by e-mail or on a floppy disk, they must be processed with the manual method, which requires more steps.

In either case, whichever method is used to install a CA certificate must also be used to request identity or SSL certificates from that CA.
Certificate Task Summary
Regardless of whether SCEP or the manual method is used, the following tasks must be completed to obtain and install certificates:

- Request and install the required CA certificate(s).
- Create an enrollment request for one or more identity certificates.
- Request an identity certificate from the same CA that issued the CA certificate(s).
- Install the identity certificate on the VPN Concentrator.
- Enable CRL checking and caching.
- Enable certificates.
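The task summary carried out by hand with openssl, as an added example that is not from the book or from Cisco: a constructed stand-in CA plays the external CA, `vpn3000.example.com` is a constructed identity, and the `verify_identity` helper is this example's own, showing what "enable certificates" with CRL checking accepts and rejects.

```shell
#!/bin/sh
# Added example, not from the book: the manual enrollment tasks done with
# openssl so each artifact is visible. The CA here is a constructed stand-in
# for the real CA; vpn3000.example.com is a constructed identity.
set -e
WORK=$(mktemp -d); cd "$WORK"

# Task 1 stand-in: the CA certificate that gets installed on the Concentrator.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
  -subj "/CN=Example Enrollment CA" -keyout ca.key -out ca.crt 2>/dev/null

# Task 2: the enrollment request (a PKCS#10 CSR) for the Concentrator identity.
openssl req -newkey rsa:2048 -nodes -sha256 \
  -subj "/CN=vpn3000.example.com" -keyout vpn.key -out vpn.csr 2>/dev/null

# Task 3: the SAME CA issues the identity certificate from that request.
openssl x509 -req -in vpn.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
  -sha256 -days 30 -out vpn.crt 2>/dev/null

# Task 5: the CA's CRL. A minimal "openssl ca" setup is enough to publish one.
cat > ca.cnf <<'EOF'
[ca]
default_ca = enrollment_ca
[enrollment_ca]
database = index.txt
crlnumber = crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_crl_days = 30
EOF
touch index.txt; echo 1000 > crlnumber
openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null

# Task 6 as a check: does the certificate chain to the installed CA cert, and
# is it absent from the given CRL? Prints "valid" or "rejected".
verify_identity() {
  if openssl verify -crl_check -CAfile ca.crt -CRLfile "$2" "$1" >/dev/null 2>&1
  then echo valid; else echo rejected; fi
}
echo "issued by our CA:     $(verify_identity vpn.crt ca.crl)"    # valid

# A certificate that the installed CA did not issue is rejected.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Other CA" \
  -keyout other.key -out other.crt 2>/dev/null
echo "not from our CA:      $(verify_identity other.crt ca.crl)"  # rejected

# Revoke the identity and reissue the CRL: CRL checking now rejects it.
openssl ca -config ca.cnf -revoke vpn.crt 2>/dev/null
openssl ca -config ca.cnf -gencrl -out ca-revoked.crl 2>/dev/null
echo "after revocation:     $(verify_identity vpn.crt ca-revoked.crl)"  # rejected
```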