HP VPN Firewall Appliances VPN Configuration Guide

d. Click Next to begin the installation.
2. Install the SCEP add-on:
Because a CA server running the Windows 2003 server operating system does not support SCEP by
default, you must install the SCEP add-on to provide the firewall with automatic certificate
registration and retrieval. After the add-on is installed, a prompt dialog box appears, displaying
the URL of the registration server to be configured on the firewall.
3. Modify the certificate service properties:
a. Select Control Panel > Administrative Tools > Certificate Authority from the start menu.
b. If the CA server and SCEP add-on have been installed successfully, there should be two
certificates issued by the CA to the RA.
c. Right-click CA server and select Properties from the shortcut menu.
d. Click the Policy Module tab in the CA server Properties dialog box.
e. Click Follow the settings in the certificate template, if applicable. Otherwise, automatically
issue the certificate.
f. Click OK.
4. Modify the IIS attributes:
a. Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from
the start menu.
b. From the navigation tree, select Web Sites.
c. Right-click Default Web Site and select Properties.
d. Click the Home Directory tab.
e. Specify the path for certificate service in the Local path field.
f. Change the TCP port number to an unused one on the Web Site tab to avoid conflicts with
existing services.
After the configuration, make sure the system clock of the firewall and that of the CA are synchronized,
so that the firewall can request the certificate correctly.
Configuring the firewall
1. Create a PKI entity:
a. From the navigation tree, select VPN > Certificate Management > Entity.
b. Click Add.
c. Enter aaa as the PKI entity name, enter firewall as the common name, and click Apply.