R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
From the Start menu, select Control Panel > Add or Remove Programs, and then select Add/Remove
Windows Components. In the dialog box that appears, select Certificate Services and click Next to begin
the installation.
# Install the SCEP add-on.
Because a CA server running the Windows 2003 server operating system does not support SCEP by default,
you must install the SCEP add-on to provide the device with automatic certificate registration and retrieval.
After the add-on is installed, a dialog box appears, displaying the URL of the registration server
configured on the device.
# Modify the certificate service properties.
From the Start menu, select Control Panel > Administrative Tools > Certificate Authority. If the CA server
and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to
the RA. Right-click the CA server and select Properties from the shortcut menu, and then select the Policy
Module tab in the CA server Properties dialog box. Select the option "Follow the settings in the certificate
template, if applicable. Otherwise, automatically issue the certificate." Then click OK.
# Modify the IIS attributes.
From the Start menu, select Control Panel > Administrative Tools > Internet Information Services (IIS)
Manager and then select Web Sites from the navigation tree. Right-click Default Web Site and select
Properties. Then select the Home Directory tab. Specify the path for the certificate service in the Local path
field. To avoid conflicts with existing services, change the TCP port number to an unused one on the Web
Site tab.
After the configuration, make sure that the system clock of the device and that of the CA are synchronized,
so that the device can request certificates correctly.
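The clock requirement above can be checked with a small model of the certificate validity window. This is an added example, not part of the original guide: it shows how a device whose clock differs from the CA's sees a freshly issued certificate. The function names, sample times, one-year lifetime and the optional `backdate` setting are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def validity_state(not_before, not_after, device_now):
    """Classify a certificate's validity window as seen by the device's clock."""
    if device_now < not_before:
        return "not-yet-valid"
    if device_now > not_after:
        return "expired"
    return "valid"

def enrollment_check(ca_now, device_now, lifetime, backdate=timedelta(0)):
    """Model a certificate issued when the CA clock reads ca_now and checked
    at once by a device whose clock reads device_now.
    backdate is an assumed CA setting that moves notBefore earlier."""
    not_before = ca_now - backdate
    not_after = not_before + lifetime
    skew = device_now - ca_now  # negative: device clock is behind the CA
    return {
        "skew_seconds": int(skew.total_seconds()),
        "state": validity_state(not_before, not_after, device_now),
    }

# Constructed sample values (not taken from the guide).
CA_NOW = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
LIFETIME = timedelta(days=365)
CASES = {
    "in sync": CA_NOW,
    "device 8 min behind": CA_NOW - timedelta(minutes=8),
    "device clock reset to 2000": datetime(2000, 1, 1, tzinfo=timezone.utc),
    "device 2 years ahead": CA_NOW + timedelta(days=730),
}

def run_cases(backdate=timedelta(0)):
    """Return the validity state the device reports for each sample clock."""
    return {name: enrollment_check(CA_NOW, now, LIFETIME, backdate)["state"]
            for name, now in CASES.items()}

if __name__ == "__main__":
    for name, state in run_cases().items():
        print(f"{name:28s} {state}")
```

A device clock that lags the CA by even a few minutes places the current time before the certificate's start of validity, so the newly retrieved certificate is treated as not yet valid unless the CA backdates the start time by more than the skew.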
Configuring Firewall
# Create a PKI entity
• Select VPN > Certificate Management > Entity from the navigation tree and then click Add to
perform the configurations shown in Figure 185.
Figure 185 Add a PKI entity
• Enter aaa as the PKI entity name.