TMS zl Management and Configuration Guide ST.1.1.100430

Virtual Private Networks
Configure an IPsec Client-to-Site VPN
Install Certificates Using SCEP
Before you configure the settings for using SCEP to install certificates, make sure the time and the time zone on the TMS zl Module match those set on the SCEP server. If the module does not have the same time and time zone as the SCEP server, the SCEP process may fail. The TMS zl Module takes its time from the host switch, so if you need to adjust the time, you must do so in the switch configuration.
Follow these steps to install certificates automatically using SCEP:
1. In the left navigation bar of the Web browser interface, click VPN > Certificates.
2. Click the SCEP tab.
Figure 7-31. VPN > Certificates > SCEP Window
3. For SCEP Server IP Address/Domain Name, type either the IP address or FQDN of your CA server. The CA must, of course, support SCEP.
4. For SCEP Server Port, type the port number on which your CA server listens for SCEP messages.
   The default port is 80.
5. For CGI-Path, type the correct path to the program on the CA server that executes SCEP functions.
   The default path, /certsrv/mscep/mscep.dll, is valid on a typical Windows CA. Otherwise, your CA should tell you the correct CGI path.
6. For Unique CA Identifier (Suffix to CGI-Path), type the CN for the CA server.
   For example: /CN=<CAcommonname>
   The unique CA identifier is not always necessary (in which case, you can leave the box empty). Your CA should tell you if you need to specify a unique identifier and, if you do, what it is.
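
The following pre-flight check is an added example, not part of this guide or of the module's software. It builds the SCEP request URL from the values entered in steps 3 through 6 and compares the CA server's HTTP Date header with a reference clock, because a time mismatch can make the SCEP process fail. It assumes that the CA identifier is sent as the SCEP message query parameter, that 300 seconds is an acceptable tolerance (the guide gives no figure), and the function names are hypothetical; the address and CA name are constructed sample values.

```python
"""SCEP pre-flight check (added example; names and tolerance are assumptions)."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import quote, urlencode
from urllib.request import urlopen

DEFAULT_PORT = 80                               # default from step 4
DEFAULT_CGI_PATH = "/certsrv/mscep/mscep.dll"   # default from step 5
MAX_SKEW_SECONDS = 300                          # assumed tolerance, not from the guide


def scep_url(server, port=DEFAULT_PORT, cgi_path=DEFAULT_CGI_PATH,
             ca_identifier="", operation="GetCACaps"):
    """Build a SCEP GET URL from the values typed in steps 3 to 6."""
    if not cgi_path.startswith("/"):
        raise ValueError("CGI path must start with '/'")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    host = f"[{server}]" if ":" in server else server   # bracket IPv6 literals
    # Assumption: the unique CA identifier travels in the 'message' parameter.
    query = urlencode({"operation": operation, "message": ca_identifier})
    return f"http://{host}:{int(port)}{quote(cgi_path)}?{query}"


def clock_skew_seconds(date_header, reference=None):
    """Signed offset in seconds (server minus reference) from an HTTP Date header."""
    if not date_header:
        raise ValueError("server sent no Date header")
    server_time = parsedate_to_datetime(date_header)
    if server_time.tzinfo is None:
        server_time = server_time.replace(tzinfo=timezone.utc)
    reference = reference or datetime.now(timezone.utc)
    return (server_time - reference).total_seconds()


def preflight(server, port=DEFAULT_PORT, cgi_path=DEFAULT_CGI_PATH,
              ca_identifier="", timeout=5):
    """Query the CA once; return (url, capability list, skew within tolerance)."""
    url = scep_url(server, port, cgi_path, ca_identifier)
    with urlopen(url, timeout=timeout) as resp:
        skew = clock_skew_seconds(resp.headers.get("Date"))
        caps = resp.read().decode("ascii", "replace").split()
    return url, caps, abs(skew) <= MAX_SKEW_SECONDS


if __name__ == "__main__":
    # Constructed sample values; no network access is made here.
    print(scep_url("192.0.2.10", ca_identifier="/CN=ExampleCA"))
    noon = datetime(2010, 5, 4, 12, 0, tzinfo=timezone.utc)
    print(clock_skew_seconds("Tue, 04 May 2010 12:10:00 GMT", noon))
```

The skew is measured against the clock of the host running the script unless a reference time is passed in, so compare the result with the time shown on the host switch, which is where the module takes its time from.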