Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
491492493494495496497498499500
7-48
Virtual Private Networks
IPsec VPNs
Install Certificates Using SCEP. Before you begin to configure the set-
tings for using SCEP to install certificates, make sure that the TMS zl Module
has the correct time. If the module does not have the correct time, the SCEP
process may fail. The TMS zl Module takes its time from the host switch, so if
you need to adjust the time, you will need to configure the switch.
Follow these steps to install certificates automatically using SCEP:
1. In the left navigation bar of the Web browser interface, select VPN >
Certificates.
2. Click the SCEP tab.
Figure 7-37. VPN > Certificates > SCEP Window
3. For SCEP Server IP Address/Domain Name, type either the IP address or
FQDN of your CA server. The CA must, of course, support SCEP.
4. For SCEP Server Port, type the port number on which your CA server listens
for SCEP messages.
The default port is 80.
5. For CGI-Path, type the correct path to the program on the CA server that
executes SCEP functions.
The default path, /certsrv/mscep/mscep.dll, is valid on a typical Windows
CA. Otherwise, your CA should tell you the correct CGI path.
6. For Unique CA Identifier (Suffix to CGI-Path), type the CN for the CA server.
For example: /CN=<CAcommonname>
The unique CA identifier is not always necessary (in which case, you can
leave the box empty). Your CA should tell you if you need to specify a
unique identifier and, if you do, what it is.
7. Click Apply My Changes.
8. Click Save.