R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

the installation.
# Install the SCEP add-on.
A CA server running the Windows 2003 Server operating system does not support SCEP by default,
so you must install the SCEP add-on to provide the LB module with automatic certificate registration
and retrieval. After the add-on is installed, a dialog box appears, displaying the URL of the
registration server configured on the LB module.
# Modify the certificate service properties.
From the start menu, select Control Panel > Administrative Tools > Certificate Authority. If the CA server
and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to
the RA. Right-click the CA server, select Properties from the shortcut menu, and then select the Policy
Module tab in the CA server Properties dialog box. Select the option "Follow the settings in the certificate
template, if applicable. Otherwise, automatically issue the certificate." Then click OK.
# Modify the IIS attributes.
From the start menu, select Control Panel > Administrative Tools > Internet Information Services (IIS)
Manager, and then select Web Sites from the navigation tree. Right-click Default Web Site and select
Properties. Then select the Home Directory tab and specify the path for the certificate service in the
Local path text box. In addition, to avoid conflicts with existing services, it is recommended that you
change the TCP port number to an unused one on the Web Site tab.
After completing the above configuration, you must also ensure that the system clock of the LB module
and that of the CA are synchronized, so that the LB module can request certificates correctly.
3. Configure the LB module
# Create a PKI entity.
Select Security > PKI > Entity from the navigation tree and then click Add to perform the
configurations shown in Figure 85.
Figure 85 Add a PKI entity
Type aaa as the PKI entity name.
Type LB as the common name.