Your system administrator may have already set up your VPN Client with digital certificates. If not, or if you want to add certificates, you can obtain a certificate by enrolling with a Certificate Authority (CA).
To enroll a digital certificate, you must enroll using the PKI Framework standards, receive approval from the CA, and have the certificate installed on your system.
You can enroll a digital certificate:
To enroll a digital certificate for user authentication
If you choose Online, you obtain a certificate by enrolling with a CA over the network.
If you choose File, the VPN Client generates an enrollment request file that you can email to a CA or post into a webpage form.
Certificate Authority--The Common name or the Subject name of the CA Certificate. This drop-down list contains a history of previously enrolled CA certificates. If you select a CA from this list, the CA URL and the CA Domain fields are pre-populated. For <New> online enrollments, you must enter the CA URL and the CA Domain manually.
CA URL--The URL or network address of the CA. For example, http://198.162.41.9/certsrv/mcep/mcep.dll.
Challenge Password--Some CAs require that you enter a password to access their site. Enter this password in the Challenge Password field. Obtain the challenge password from your administrator or from the CA.
New Password--The password for this certificate. Each digital certificate is protected by a password. If you create a connection entry that requires a digital certificate for authentication, you must enter the certificate password each time you attempt a connection.
File encoding--The encoding type of the output file:
Base-64--The default. An ASCII-encoded PKCS10 file that you can display because it is in a text format. Use this type when you want to cut and paste the text into the CA's website.
Binary--A base-2 PKCS10 (Public-Key Cryptography Standards) file. You cannot display a binary-encoded file.
Filename--The full pathname for the file request. For example, /Users/Anna/Documents/Certificates/mycert.p10.
New Password--The password for this certificate. Each digital certificate is protected by a password. If you create a connection entry that requires a digital certificate for authentication, you must enter the certificate password each time you attempt a connection.
Click Next to continue with certificate enrollment. The Certificate Enrollment dialog box appears.
Enter the remaining certificate enrollment parameters. All fields are required unless they are grayed out. Table 6-1 describes the entry fields.
Click Enroll to enroll a certificate from a CA, Go Back to review previous certificate enrollment parameters, or Cancel.
The certificate enrollment is listed in the certificate store as a request. To resume a certificate enrollment request, right-click and choose Resume Certificate Enrollment. Alternatively, you can resume an enrollment from the Certificates menu.
A prompt indicates whether the certificate enrollment is successful.
If the certificate enrollment is not successful, contact your network administrator.
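For file enrollment, a check you can run on the request file before you email it to the CA, as an added example that is not part of the original Cisco documentation: it accepts either the Base-64 or the Binary encoding, confirms the outer PKCS10 structure, and returns a SHA-256 fingerprint that you and the CA can compare to confirm the request arrived unmodified. The function names, the sample bytes, and the assumption that a Base-64 file may or may not carry BEGIN/END CERTIFICATE REQUEST lines are the example's own.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.*?)-----END", re.S)

# Constructed sample: outer PKCS10 layout only (info, algorithm, signature), not a real request.
SAMPLE_DER = bytes.fromhex("3019" "3003020100"
                           "300d06092a864886f70d01010b0500" "030300aabb")
SAMPLE_B64 = (b"-----BEGIN CERTIFICATE REQUEST-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE REQUEST-----\n")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def load_request(data):
    """Return (encoding, der) for a Base-64 or Binary request file."""
    if data[:1] == b"\x30":             # raw DER starts with the SEQUENCE tag
        return "Binary", data
    m = PEM_RE.search(data)
    text = m.group(1) if m else data    # tolerate Base-64 without header lines
    return "Base-64", base64.b64decode(b"".join(text.split()), validate=True)

def check_request(data):
    """Validate the outer structure; return (encoding, SHA-256 of the DER)."""
    encoding, der = load_request(data)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tags, pos = [], 0
    while pos < len(body):
        t, _, pos = read_tlv(body, pos)
        tags.append(t)
    if tags != [0x30, 0x30, 0x03]:      # info, algorithm, signature
        raise ValueError("not a PKCS#10 CertificationRequest")
    return encoding, hashlib.sha256(der).hexdigest()
```

Read the file in binary mode and pass its bytes to `check_request`; the fingerprint is computed over the DER bytes, so it is the same whichever file encoding you chose.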
Copyright © 2003, Cisco Systems, Inc. All rights reserved.