beautypg.com

Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 789

background image

15

Configuration procedure

Step1

Configure the CA server

# Install the CA server component.
From the start menu, select Control Panel > Add or Remove Programs, and then select
Add/Remove Windows Components. Then in the pop-up dialog box, select Certificate
Services
and click Next to begin the installation.
# Install the SCEP add-on.
Because a CA server running Windows 2003 server operating system does not support SCEP by default,

it is required to install the SCEP add-on to provide the device with automatic certificate registration and
retrieval. After the add-on is installed, a prompt dialog box appears, displaying the URL of the

registration server configured on the device.
# Modify the certificate service properties.
From the start menu, select Control Panel > Administrative Tools > Certificate Authority. If the
CA server and SCEP add-on have been installed successfully, there should be two certificates issued by
the CA to the RA. Right-click CA server and select Properties from the shortcut menu, and select the
Policy Module tab in the CA server Properties dialog box. Select the option of Follow the
settings in the certificate template, if applicable. Otherwise, automatically issue the
certificate
. Then click OK.
# Modify the IIS attributes.
From the start menu, select Control Panel > Administrative Tools > Internet Information
Services (IIS) Manager
and then select Web Sites from the navigation tree. Right-click Default
Web Site
and select Properties. Then select the Home Directory tab. Specify the path for
certificate service in the Local path text box. Besides, to avoid conflicts with existing services, it is
recommended to change the TCP port number to an unused one on the Web Site tab.
After the above configuration, it is also required to ensure that the system clock of the device and that of
the CA are synchronized, so that the device can request certificate correctly.

Step2

Configure the Device

# Create a PKI entity

Select VPN > PKI > Entity from the navigation tree and then click Add to perform the

configurations shown in

Figure 16

.

This manual is related to the following products: