Enrolling Certificates

Your system administrator may have already set up your VPN Client with digital certificates. If not, or if you want to add certificates, you can obtain a certificate by enrolling with a Certificate Authority (CA).

To enroll a digital certificate, you must enroll using the PKI Framework standards, receive approval from the CA, and have the certificate installed on your system.

You can enroll a digital certificate:

To enroll a digital certificate for user authentication

  1. Click the Certificates tab.

  2. Click Enroll at the top of the VPN Client window. The Certificate Enrollment dialog box appears.

  3. Choose a certificate enrollment type.

  4. Enter the enrollment parameters.

  5. Click Next to continue with certificate enrollment. The Certificate Enrollment dialog box appears.

  6. Enter the remaining certificate enrollment parameters. All fields are required unless they are grayed out. Table 6-1 describes the entry fields.

    Table 6-1 Certificate Enrollment Parameters

    | Entry Field | Description |
    |---|---|
    | Name (CN) | The common name for the certificate. The common name can be the name of a person, system, or other entity. It is the most specific level in the identification hierarchy. The common name becomes the name of the certificate. For example, Fred Flinstone. |
    | Domain | The Fully Qualified Domain Name (FQDN) of the host for your system. For example, Dialin_Server. |
    | Email (E) | The user e-mail address for the certificate. For example, email@company.com |
    | IP Address | The IP address of the user's system. For example, 192.168.23.9 |
    | Department (OU) | The VPN group that this user belongs to. This field correlates to the Organizational Unit (OU). The OU is the same as the Group Name configured in a VPN 3000 Series Concentrator, for example. |
    | Company (O) | The company name for the certificate. |
    | State (ST) | The state for the certificate. |
    | Country (C) | The 2-letter country code for your country. For example, US. This two-letter country code must conform to ISO 3166 country abbreviations. |

  7. Click Enroll to enroll a certificate from a CA, Go Back to review previous certificate enrollment parameters, or Cancel.
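
The following Python code is an added example, not part of the Cisco documentation or the VPN Client. It checks Table 6-1 entries before they are typed into the enrollment dialog and shows the subject string they describe, escaping special characters so a value such as a Department containing a comma stays inside its own field. The dictionary keys, treating Name (CN) as mandatory, the individual checks, and the sample Department, Company and State values are assumptions.

```python
import ipaddress
import re

# Table 6-1 fields that carry a subject label on the page (assumed key names).
DN_FIELDS = [("name", "CN"), ("email", "E"), ("department", "OU"),
             ("company", "O"), ("state", "ST"), ("country", "C")]

def escape_rdn(value):
    """Escape the characters RFC 4514 reserves inside an attribute value."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return "\\" + out if out.startswith("#") else out

def check_enrollment(params):
    """Return (errors, subject) for a dict keyed by the assumed field names."""
    # Drop empty entries and surrounding whitespace before checking.
    p = {k: v.strip() for k, v in params.items() if v and v.strip()}
    errors = []
    if "name" not in p:  # assumption: CN is always required
        errors.append("Name (CN) is missing")
    # Shape check only; membership in the ISO 3166 list is not verified here.
    if "country" in p and not re.fullmatch(r"[A-Z]{2}", p["country"]):
        errors.append("Country (C) must be a 2-letter code such as US")
    if "email" in p and not re.fullmatch(r"[^@\s]+@[^@\s]+", p["email"]):
        errors.append("Email (E) is not an address")
    if "ip_address" in p:
        try:
            ipaddress.ip_address(p["ip_address"])
        except ValueError:
            errors.append("IP Address is not valid")
    # Domain and IP Address are left out of the subject string: the page does
    # not say how the client encodes them in the request.
    subject = ",".join(f"{attr}={escape_rdn(p[key])}"
                       for key, attr in DN_FIELDS if key in p)
    return errors, subject

# Constructed sample: table examples plus made-up OU, O and ST values.
SAMPLE = {"name": "Fred Flinstone", "email": "email@company.com",
          "ip_address": "192.168.23.9", "department": "Sales, East",
          "company": "Company", "state": "California", "country": "US"}

if __name__ == "__main__":
    problems, subject = check_enrollment(SAMPLE)
    print(problems or "no problems found")
    print(subject)
```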

The certificate enrollment is listed in the certificate store as a request. To resume a certificate enrollment request, right-click the request and choose Resume Certificate Enrollment. Alternatively, you can resume an enrollment from the Certificates menu.

A prompt indicates whether the certificate enrollment is successful.

If the certificate enrollment is not successful, contact your network administrator.



Copyright © 2003, Cisco Systems, Inc. All rights reserved.