When you enroll for a personal certificate, either you go through a CA from which your system already has a root certificate or you obtain a root certificate from the CA as part of the enrollment process. The CA Certificates tab displays the current list of CA certificates.
Use this section to gather the information before you begin. To enroll for a certificate with a CA over the network, follow this procedure:
In advanced mode, either click the Enroll icon on the toolbar above the Certificates tab or display the Certificates menu and choose Enroll.
Click Online as the certificate type. There are two forms to fill out.
CA URL--The URL or network address of the CA. This parameter is required.
CA Domain--The CA's domain name. This parameter is required.
Challenge Password--Some CAs require a password to access their site. If such is the case with this CA, enter the password in the Challenge Password field. To find out the password, contact the CA or your network administrator.
New Password--The password that protects this certificate. If your connection entry requires certificate authentication, you must enter this password each time you connect. The password can be up to 32 characters in length. Passwords are case sensitive. For example, sKate8 and Skate8 are different passwords.
Common Name--Your common name (CN), which is the unique name for this certificate. This field is required. The common name can be the name of a person, system, or other entity; it is the most specific level in the identification hierarchy. The common name becomes the name of the certificate; for example, Alice Wonderland.
Department--The name of the department to which you belong; for example, International Studies. This field correlates to the Organizational Unit (OU). The OU is the same as the Group Name configured in a VPN 3000 Series Concentrator, for example.
Company--The name of the company or organization (O) to which you belong; for example, University.
State--The name of your state (ST); for example, Massachusetts.
Country--The 2-letter country code for your country (C); for example, US. This two-letter country code must conform to ISO 3166 country abbreviations.
Email--Your email address (e); for example, alicew@university.edu.
IP Address--The IP address of your system, for example, 10.10.10.1.
Domain--The Fully Qualified Domain Name of the host for your system; for example, Dialin_Server.
Together, all these fields except IP address and domain comprise your distinguished name (DN).
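The field rules above (the required fields, the 32-character password limit, the two-letter country code, and a DN built from every field except IP address and domain) can be checked before the form is submitted. The following Python code is an added example, not Cisco code; the dictionary keys, the placeholder CA URL and domain, and the choice of the RFC 4514 string form for the DN are assumptions.

```python
import re

# (form field, DN attribute) in the order the page lists them.
DN_FIELDS = [("common_name", "CN"), ("department", "OU"), ("company", "O"),
             ("state", "ST"), ("country", "C"), ("email", "E")]
REQUIRED = ("ca_url", "ca_domain", "common_name")
MAX_PASSWORD_LEN = 32  # "up to 32 characters in length"

def escape_dn_value(value):
    """Escape an already-stripped value for the RFC 4514 string form."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return "\\" + out if out.startswith("#") else out

def validate_enrollment(form):
    """Return a list of problems; an empty list means the form is acceptable."""
    problems = [f"{name} is required" for name in REQUIRED
                if not form.get(name, "").strip()]
    if len(form.get("new_password", "")) > MAX_PASSWORD_LEN:
        problems.append("new_password exceeds 32 characters")
    country = form.get("country", "").strip()
    # Shape check only; membership in ISO 3166 is not verified here.
    if country and not re.fullmatch(r"[A-Za-z]{2}", country):
        problems.append("country must be a 2-letter ISO 3166 code")
    return problems

def build_dn(form):
    """Join the populated DN fields; IP address and domain are left out."""
    parts = []
    for field, attr in DN_FIELDS:
        value = form.get(field, "").strip()
        if value:
            parts.append(f"{attr}={escape_dn_value(value)}")
    return ",".join(parts)

# Constructed sample: the page's example values plus a placeholder CA.
SAMPLE = {
    "ca_url": "http://ca.example.test/enroll", "ca_domain": "example.test",
    "new_password": "sKate8", "common_name": "Alice Wonderland",
    "department": "International Studies", "company": "University",
    "state": "Massachusetts", "country": "US",
    "email": "alicew@university.edu",
    "ip_address": "10.10.10.1", "domain": "Dialin_Server",
}

if __name__ == "__main__":
    print(validate_enrollment(SAMPLE) or "form OK")
    print(build_dn(SAMPLE))
```

Because the OU is matched against the Group Name on a VPN 3000 Series Concentrator, comparing the assembled DN with the expected group before enrolling catches a mistyped Department value early.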
What happens next depends on your CA.
Some CAs provide immediate response. If so, you see a message that your enrollment succeeded. You can view and manage the certificate under the Certificates tab.
If the enrollment status is Request pending, your CA does not immediately approve your request. You see a status pending pop-up window.
While you are waiting for the CA to issue the certificate, your request appears in the certificates list under the Certificates tab as a request. (The store column shows "Request".)
When the CA issues your certificate, choose the certificate and then choose Retry Certificate Enrollment from the Certificates menu to complete the enrollment.
After you have obtained the certificate, you see a message that your enrollment succeeded.
Copyright © 1998-2004, Cisco Systems, Inc. All rights reserved.