SonicWALL 5.8.1 Microscope & Magnifier User Manual


  Open as PDF
of 1490
 
System > Certificates
125
SonicOS 5.8.1 Administrator Guide
Configuring Simple Certificate Enrollment Protocol
The Simple Certificate Enrollment Protocol (SCEP) is designed to support the secure issuance
of certificates to network devices in a scalable manner. There are two enrollment scenarios for
SCEP:
SCEP server CA automatically issues certificates
SCEP request is set to PENDING and the CA administrator manually issues the certificate.
More information about SCEP can be found at:
http://tools.ietf.org/html/draft-nourse-scep-18
Microsoft SCEP Implementation Whitepaper
To use SCEP to issue certificates, follow these steps:
Step 1 Generate a signing request as described above in the “Generating a Certificate Signing
Request” section on page 123.
Step 2 Scroll to the bottom of the System > Certificates page and click on the SCEP button. The
SCEP Configuration window displays.
Step 3 In the CSR List pulldown menu, the UI will automatically select a default CSR list. If you have
multiple CSR lists configured, you can modify this.
Step 4 In the CA URL field, enter the URL for the Certificate authority.
Step 5 If the Challenge Password field, enter the password for the CA if one is required.
Step 6 In the Polling Interval(S) field, you can modify the default value for duration of time in seconds
in between when polling messages are sent.
Step 7 In the Max Polling Time(S) field, you can modify the default value for the duration of time the
firewall will wait for a response to a polling message before timing out.
Step 8 Click the Scep button to submit the SCEP enrollment.
The firewall will then contact the CA to request the certificate. The duration of time this will take
depends on whether the CA issues certificates automatically or manually. The Log > View
page will display messages on the status of the SCEP enrollment and issuance of the
certificate. After the certificate is issued, it will be displayed in the list of available certificates
on the System > Certificates page, under the Imported certificates and requests category.