R3303-HP HSR6800 Routers Security Configuration Guide

2B
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 CRL Distribution Points:
URI:http://4.4.4.133:447/myca.crl
You can also use other display commands, such as display pki certificate ca domain and display pki crl
domain, to display detailed information about the CA certificate and CRLs.
Certificate request from a Windows 2003 CA server
Network requirements
Configure PKI entity Router to request a local certificate from the CA server.
Figure 81 Network diagram
Configuring the CA server
1. Install the certificate service suites:
a. Select Control Panel > Add or Remove Programs from the start menu.
b. Select Add/Remove Windows Components > Certificate Services.
c. Click Next to begin the installation.
2. Install the SCEP add-on:
A Windows 2003 CA server does not support SCEP by default, so you must install the SCEP add-on
before the router can register and obtain its certificate automatically. When the SCEP add-on
installation completes, a URL is displayed. Configure this URL on the router as the URL of the
server for certificate registration.
3. Modify the certificate service attributes:
a. Select Control Panel > Administrative Tools > Certificate Authority from the start menu.
If the CA server and SCEP add-on have been installed successfully, there should be two
certificates issued by the CA to the RA.
b. Right-click the CA server in the navigation tree and select Properties > Policy Module.
c. Click Properties and select the option "Follow the settings in the certificate template, if
applicable. Otherwise, automatically issue the certificate."
4. Modify the Internet Information Services (IIS) attributes:
a. Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from
the start menu.
b. Select Web Sites from the navigation tree.
c. Right-click Default Web Site and select Properties > Home Directory.
d. Specify the path for certificate service in the Local path text box.