H3C Technologies H3C SecBlade LB Cards User Manual

122

{

Click Next to begin the installation.

b.

Install the SCEP add-on:
Because a CA server running Windows 2003 server operating system does not support SCEP
by default, you must install the SCEP add-on to provide the LB product with automatic certificate

registration and retrieval. After the add-on is installed, a prompt dialog box appears,
displaying the URL of the registration server configured on the LB product.

c.

Modify the certificate service properties:

{

Select Control Panel > Administrative Tools > Certificate Authority from the start menu.

{

If the CA server and SCEP add-on have been installed successfully, there should be two
certificates issued by the CA to the RA.

{

Right-click CA server and select Properties from the shortcut menu.

{

Click the Policy Module tab in the CA server Properties dialog box.

{

Click Follow the settings in the certificate template, if applicable. Otherwise, automatically
issue the certificate.

{

Click OK.

d.

Modify the IIS attributes:

{

Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from
the start menu.

{

From the navigation tree, select Web Sites.

{

Right-click Default Web Site and select Properties.

{

Click the Home Directory tab.

{

Specify the path for certificate service in the Local path field.

{

Change the TCP port number to an unused one on the Web Site tab to avoid conflicts with
existing services.

After the configuration, make sure the system clock of the LB product and that of the CA are synchronized,

so that the LB product can request the certificate correctly.

3.

Configuring the LB product

a.

Create a PKI entity:

{

From the navigation tree, select Security > Certificate Management > Entity.

{

Click Add.

{

Enter aaa as the PKI entity name, enter device as the common name, and click Apply.