Configuring the CA server, Configuring the router – H3C Technologies H3C MSR 50 User Manual
Figure 499 Network diagram
Configuring the CA server
1. Install the CA server component:
   a. From the start menu, select Control Panel > Add or Remove Programs.
   b. Select Add/Remove Windows Components.
   c. In the pop-up dialog box, select Certificate Services.
   d. Click Next to begin the installation.
2. Install the SCEP add-on:
   Because a CA server running the Windows 2003 Server operating system does not support SCEP by
   default, be sure to install the SCEP add-on to provide the router with automatic certificate
   registration and retrieval. After the add-on is installed, a prompt dialog box appears, displaying
   the URL of the registration server to be configured on the router.
3. Modify the certificate service properties:
   a. From the start menu, select Control Panel > Administrative Tools > Certificate Authority.
      If the CA server and SCEP add-on have been installed successfully, there should be two
      certificates issued by the CA to the RA.
   b. Right-click CA server and select Properties from the shortcut menu.
   c. In the CA server Properties dialog box, click the Policy Module tab.
   d. Click Follow the settings in the certificate template, if applicable. Otherwise, automatically
      issue the certificate.
   e. Click OK.
4. Modify the IIS attributes:
   a. From the start menu, select Control Panel > Administrative Tools > Internet Information Services
      (IIS) Manager.
   b. From the navigation tree, select Web Sites.
   c. Right-click Default Web Site and select Properties.
   d. Click the Home Directory tab.
   e. Specify the path for certificate service in the Local path field. To avoid conflicts with existing
      services, change the TCP port number to an unused one on the Web Site tab.
After the configuration, make sure the system clocks of the router and the CA are synchronized, so
that the router can request a certificate correctly.
Configuring the router
1. Create a PKI entity:
   a. From the navigation tree, select Certificate Management > Entity.
   b. Click Add.
   c. Enter aaa as the PKI entity name, enter router as the common name, and click Apply.