Westermo MR Series User Manual
Page 59
59
6622-3201
Web Interface and Command Line Reference Guide
www.westermo.com
Confi gure > Certifi cates > Certifi cate request
4.11
The unit can establish an IPSec tunnel to another unit using certificates. For more information on
using certificates with your unit, please refer to the Application Note “How to configure an IPSEC
VPN tunnel between two Westermo Routers using Certificates and SCEP”, which is available from
the Westermo technical support.
This page contains fields that required when sending a certificate request to a Certificate Authority
(CA). This information forms part of the certificate request, and thus part of the signed public key
certificate.
Using the Web Page(s)
Challenge password:
Before you can create a certificate request you must first obtain a challenge password from the
Certificate Authority Server. This password is generally obtained from the SCEP CA server by
way of a WEB server, or a phone call to the CA Server Administrator. For the Microsoft® SCEP
server, you browse to a web interface. If the server requires a challenge password, it will be dis-
played on the page along with the CA certificate fingerprint.
This challenge password is usually only valid once and for a short period of time, in this case 60
minutes, meaning that a certificate request must be created after retrieving the challenge pass-
word.
Country:
A two-character representation of the country the unit is in (e.g. UK for the United Kingdom).
Common name:
Enter a name for your unit. This field is important, as the common name will be used as the
unit’s ID in IKE negotiations.
Locality:
The location of the unit (e.g. London).
Organisation:
An appropriate company name.
Organisational unit:
An appropriate organisational unit within the company (e.g. Development).
State:
State, County of Province the unit is located in.
Email address:
An appropriate email address.
Unstructured name:
This parameter is optional. You can enter some descriptive text if you wish.
Digest algorithm:
Choose either MD5 or SHA1. This is used when signing (encrypting) the certificate request.