
Enrolling and installing identity certificates – Cisco VPN 3002 User Manual

VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 12 Administration

Certificate Management

Enrolling and Installing Identity Certificates

When you generate a request for an identity certificate, you need to provide the following information.

Tip: Check to be sure that you have this information before you begin.

Table 12-1 Fields in a Certificate Request

| Field Name | Abbreviation | Manual | SCEP | Recommended Content |
|---|---|---|---|---|
| Common Name | CN | Yes | Yes | The primary identity of the entity associated with the certificate, for example, Engineering VPN. Spaces are allowed. You must enter a name in this field. If you are requesting an SSL certificate, enter the IP address or domain name you use to connect to this VPN 3002, for example: 10.10.147.2. |
| Organizational Unit | OU | Yes | Yes | The name of the department or other organizational unit to which this VPN 3002 belongs, for example: CPU Design. Spaces are allowed. |
| Organization | O | Yes | Yes | The name of the company or organization to which this VPN 3002 belongs, for example: Cisco Systems. Spaces are allowed. |
| Locality | L | Yes | Yes | The city or town where this VPN 3002 is located, for example: San Jose. Spaces are allowed. |
| State/Province | SP | Yes | Yes | The state or province where this VPN 3002 is located, for example: California. Spell the name out completely; do not abbreviate. Spaces are allowed. |
| Country | C | Yes | Yes | The country where this VPN 3002 is located, for example: US. Use two characters, no spaces, and no periods. This two-character code must conform to ISO 3166 country codes. |
| Subject Alternative Name (Fully Qualified Domain Name) | FQDN | Yes | Yes | The fully qualified domain name that identifies this VPN 3002 in this PKI, for example: vpn3030.cisco.com. This field is optional. The alternative name is an additional data field in the certificate that provides interoperability with many Cisco IOS and PIX systems in LAN-to-LAN connections. |
| Subject Alternative Name (E-mail Address) | E-mail | Yes | Yes | The e-mail address of the VPN 3002 user. |
| Challenge Password | - | No | Yes | This field appears if you are requesting a certificate using SCEP. Use this field according to the policy of your CA: Your CA might have given you a password. If so, enter it here for authentication. Your CA might allow you to provide your own password to use to identify yourself to the CA in the future. If so, create your password here. Your CA might not require a password. If so, leave this field blank. |