Cisco VPN 3002 User Manual

VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 12 Administration

Certificate Management

If you have trouble enrolling or installing digital certificates via SCEP, enable both the CLIENT and
CERT event classes to assist in troubleshooting.

Digital certificates indicate the time frame during which they are valid. Therefore, it is essential that the
time on the VPN 3002 is correct and synchronized with network time. See Configuration | System |
Servers | NTP and Configuration | System | General | Time and Date.

You must complete the enrollment and certificate installation process within one week of generating the
request. If you do not, the pending request is deleted.
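The two timing rules above (certificate validity depends on the device clock, and a pending request lasts one week) can be checked with a small diagnostic. This is an added example, not code from the manual or from Cisco; the function names, the 5-minute skew tolerance, the assumption that the device measures the one-week limit with its own clock, and all sample dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# From the manual: a pending enrollment request is deleted after one week.
PENDING_REQUEST_LIFETIME = timedelta(weeks=1)
# Assumption: tolerated difference between the device clock and the NTP reference.
MAX_SKEW = timedelta(minutes=5)


def in_window(when, not_before, not_after):
    """True if 'when' falls inside the certificate validity period."""
    return not_before <= when <= not_after


def diagnose(device_now, reference_now, not_before, not_after,
             request_generated=None):
    """Return findings for one certificate as a list of short strings."""
    findings = []
    if abs(device_now - reference_now) > MAX_SKEW:
        findings.append("clock-skew")

    device_ok = in_window(device_now, not_before, not_after)
    really_ok = in_window(reference_now, not_before, not_after)
    if really_ok and not device_ok:
        # Valid certificate, but the wrong device clock puts it outside its window.
        findings.append("valid-cert-rejected-by-device-clock")
    elif device_ok and not really_ok:
        # The dangerous direction: a wrong clock hides expiry or early use.
        findings.append("invalid-cert-accepted-by-device-clock")
    elif not really_ok:
        findings.append("expired" if reference_now > not_after else "not-yet-valid")

    if request_generated is not None:
        # Assumption: the device measures the one-week limit with its own clock.
        if device_now - request_generated > PENDING_REQUEST_LIFETIME:
            findings.append("pending-request-deleted")
    return findings


def utc(y, m, d, hh=0, mm=0):
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    nb, na = utc(2024, 1, 1), utc(2025, 1, 1)
    print(diagnose(utc(2000, 1, 1), utc(2024, 6, 1), nb, na))   # clock far in the past
    print(diagnose(utc(2024, 6, 1), utc(2025, 6, 1), nb, na))   # clock one year behind
    print(diagnose(utc(2024, 6, 9), utc(2024, 6, 9), nb, na, utc(2024, 6, 1)))
```

A device clock that runs behind is the case to watch for: it makes an expired certificate look valid, which no enrollment error will reveal.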

Installing CA Certificates Automatically Using SCEP

If you plan to use SCEP to enroll for identity or SSL certificates, you must obtain the associated CA
certificate using SCEP. The Manager does not let you enroll for a certificate from a CA unless that CA
was installed using SCEP. A certificate that is obtained via SCEP and therefore capable of issuing other
SCEP certificates is called SCEP-enabled.

Tip

In order to obtain CA certificates using SCEP, you need to know the URL of your CA. Find out your
CA’s URL before beginning the following steps.

Step 1

Using the VPN 3002 Hardware Client Manager, display the Administration | Certificate Management
screen. (See Figure 12-19.)

Figure 12-19 Administration | Certificate Management Screen