beautypg.com

Figure 12-25 – Cisco VPN 3002 User Manual

Page 149

background image

12-23

VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 12 Administration

Certificate Management

Figure 12-25 Administration | Certificate Management | Enroll | Identity Certificate | SCEP Screen

Step 5

Fill in the fields and click Enroll. (For information on the fields on this screen, see

Table 12-1

.) The

VPN 3002 sends the certificate request to the CA.

If the CA does not issue the certificate immediately (some CAs require manual verification of credentials
and this can take time), the certificate request could enter polling mode. In polling mode, the VPN 3002
re-sends the certificate request to the CA a specified number of times at regular intervals until the CA
responds or the process times out. (For information on configuring the polling limit and interval, see the

Administration | Certificate Management | Configure CA Certificate

screen.) The certificate request

appears in the Enrollment Status table on the Administration | Certificate Management screen until the
CA responds. Once the CA responds and issues the certificate, the VPN 3002 checks to see if it already
has an active certificate. If there is no active certificate, the VPN 3002 installs the new certificate
automatically. If there already is an active certificate, the new certificate appears in the Enrollment
Status table; you have to activate it manually.

If the CA responds immediately, the Manager installs the identity certificate on the VPN 3002 and
displays the Administration | Certificate Management | Enrollment | Request Generated screen.
(See

Figure 12-26

.)