Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100226

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
541542543544545546547548549550
7-46
Virtual Private Networks
Configure an IPsec Client-to-Site VPN
Install Certificates Using SCEP
Before you begin to configure the settings for using SCEP to install certifi-
cates, make sure that the TMS zl Module has the correct time. If the module
does not have the correct time, the SCEP process may fail. The TMS zl Module
takes its time from the host switch, so if you need to adjust the time, you will
need to configure the switch.
Follow these steps to install certificates automatically using SCEP:
1. In the left navigation bar of the Web browser interface, click VPN >
Certificates.
2. Click the SCEP tab.
Figure 7-31. VPN > Certificates > SCEP Window
3. For SCEP Server IP Address/Domain Name, type either the IP address or
FQDN of your CA server. The CA must, of course, support SCEP.
4. For SCEP Server Port, type the port number on which your CA server listens
for SCEP messages.
The default port is 80.
5. For CGI-Path, type the correct path to the program on the CA server that
executes SCEP functions.
The default path, /certsrv/mscep/mscep.dll, is valid on a typical Windows
CA. Otherwise, your CA should tell you the correct CGI path.
6. For Unique CA Identifier (Suffix to CGI-Path), type the CN for the CA server.
For example: /CN=<CAcommonname>
The unique CA identifier is not always necessary (in which case, you can
leave the box empty). Your CA should tell you if you need to specify a
unique identifier and, if you do, what it is.
7. Click Apply My Changes.