Support User Manuals

Cisco Systems VPN 3002 Home Safety Product User Manual

Open as PDF

of 282

12-20

VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 12 Administration

Certificate Management

Enrolling and Installing Identity Certificates

When you generate a request for an identity certificate, you need to provide the following information.

Tip Check to be sure that you have this information before you begin.

Table 12-1 Fields in a Certificate Request

Field Name

Abbrev-

iation Manual SCEP Recommended Content

Common Name CN Yes Yes The primary identity of the entity associated with the certificate,

for example, Engineering VPN. Spaces are allowed. You must

enter a name in this field.

If you are requesting an SSL certificate, enter the IP address or

domain name you use to connect to this VPN 3002, for example:

10.10.147.2.

Organizational Unit OU Yes Yes The name of the department or other organizational unit to which

this VPN 3002 belongs, for example: CPU Design. Spaces are

allowed.

Organization O Yes Yes The name of the company or organization to which this VPN 3002

belongs, for example: Cisco Systems. Spaces are allowed.

Locality L Yes Yes The city or town where this VPN 3002 is located, for example:

San Jose. Spaces are allowed.

State/Province SP Yes Yes The state or province where this VPN 3002 is located, for

example: California. Spell the name out completely; do not

abbreviate. Spaces are allowed.

Country C Yes Yes The country where this VPN 3002 is located, for example: US.

Use two characters, no spaces, and no periods. This two-character

code must conform to ISO 3166 country codes.

Subject Alternative Name

(Fully Qualified Domain

Name)

FQDN Yes Yes The fully qualified domain name that identifies this VPN 3002 in

this PKI, for example: vpn3030.cisco.com. This field is optional.

The alternative name is an additional data field in the certificate

that provides interoperability with many Cisco IOS and PIX

systems in LAN-to-LAN connections.

Subject Alternative Name

(E-mail Address)

E-mail Yes Yes The e-mail address of the VPN 3002 user.

Challenge Password - No Yes This field appears if you are requesting a certificate using SCEP.

Use this field according to the policy of your CA:

• Your CA might have given you a password. If so, enter it here

for authentication.

• Your CA might allow you to provide your own password to

use to identify yourself to the CA in the future. If so, create

your password here.

• Your CA might not require a password. If so, leave this field

blank.

previous next