|
Navigate to the Security>Pki level in the configuration
hierarchy.
|
- In the J-Web interface, select Configuration>View
and Edit>Edit Configuration.
- Next to Security, click Configure or Edit.
- Next to Pki, select the check box, and click Configure.
|
From the [edit] hierarchy level, enter
edit security pki
|
|
Add a new CA profile to the Services Router.
|
- Next to Ca profile, click Add new entry.
|
Enter
set ca-profile ca-profile-ipsec ca-identity verisign
|
|
Configure the profile name and the CA authority identification—for
example, ca-profile-ipsec and versign.
|
- In the Ca profile name box, type ca-profile-ipsec.
- In the Ca identity box, type verisign.
|
|
Configure the following enrollment options:
- Enrollment retry—Number of attempts at online enrollment
with the CA profile to allow for a router certificate, if enrollment fails—for
example, 10. The range is from 0 through 100 attempts.
- Enrollment retry-interval—Length of time, in seconds, to
allow between enrollment attempts—for example, 60. The range
is from 0 through 3600 seconds.
- Enrollment URL—URL where the Simple
Certificate Enrollment Protocol (SCEP) request is sent to the certification
authority configured in this profile—for example, http://pilotonsiteipsec.verisign.com/cgi-bin/pkiclient.exe.
|
- Next to Enrollment, click Configure.
- In the Retry box, type 10.
- In the Retry interval box, type 60.
- In the Url box, type http://pilotonsiteipsec.verisign.com/cgi-bin/pkiclient.exe.
- Click OK until you return to the main
Configuration page.
|
Enter
set ca-profile ca-profile-ipsec enrollment retry 10 retry-interval
60 url http://pilotonsiteipsec.verisign.com/cgi-bin/pkiclient.exe
|