User's guide

CA signature certificate
Sometimes when you get a CA certificate, a CA signature certificate is installed on the router at
the same time. You can identify a CA signature certificate by looking at the X.509 Key Usage
section in the certificate. It should say something like the following:
X509v3 Key Usage: critical
Digital Signature, Non Repudiation
If a CA signature certificate has been installed by the CA you wish to use for the certificate
request, the CA signature certificate should be entered.
If no CA signature certificate has been installed for the CA, leave this file blank.
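
The Key Usage check described above, as an added example (not code from this guide or the router vendor): it reads certificate text dumps in the layout that `openssl x509 -text` prints and picks out the ones that look like CA signature certificates. The sample dumps and file names are constructed, and treating a certificate that also lists Certificate Sign as the CA certificate itself is an assumption.

```python
import re

# Constructed sample dumps, trimmed to the lines this check reads.
# File names and contents are made up for the example.
SAMPLES = {
    "ca.txt": "X509v3 Key Usage: critical\n    Certificate Sign, CRL Sign\n",
    "ca-sign.txt": "X509v3 Key Usage: critical\n    Digital Signature, Non Repudiation\n",
    "ca-encr.txt": "X509v3 Key Usage: \n    Key Encipherment, Data Encipherment\n",
    "no-ku.txt": "Subject: CN=Example Legacy\n",
}

# Header line, optional "critical" flag, then the usage list on the next line.
# "X509v3 Extended Key Usage:" does not match this pattern.
KEY_USAGE_RE = re.compile(r"X509v3 Key Usage:[ \t]*(critical)?[ \t]*\r?\n[ \t]*([^\r\n]+)")


def parse_key_usage(dump):
    """Return (critical, set of usage names), or None if the extension is absent."""
    m = KEY_USAGE_RE.search(dump)
    if m is None:
        return None
    usages = {u.strip() for u in m.group(2).split(",") if u.strip()}
    return (m.group(1) is not None, usages)


def is_ca_signature_cert(dump):
    """True when Key Usage lists Digital Signature.

    Assumption (not from the guide): a certificate that also lists
    Certificate Sign is the CA certificate itself, so it is excluded.
    """
    parsed = parse_key_usage(dump)
    if parsed is None:
        return False  # no Key Usage section, so nothing identifies it
    _, usages = parsed
    return "Digital Signature" in usages and "Certificate Sign" not in usages


def pick_signature_certs(dumps):
    """Names of the dumps that look like CA signature certificates, sorted."""
    return sorted(name for name, text in dumps.items() if is_ca_signature_cert(text))


if __name__ == "__main__":
    print(pick_signature_certs(SAMPLES))
```
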
RSA Private key
This parameter allows you to select between using an existing private key and generating a
new one for each certificate request.
Private key filename
The filename of the private key file to use.
Enrolment Password
Before you can create a certificate request you must first obtain a challenge password from
the Certificate Authority Server. This password is generally obtained from the SCEP CA
server by way of a web server or a phone call to the CA Server Administrator. For the
Microsoft® SCEP server, you browse to a web interface. If the server requires a challenge
password, it will be displayed on the page along with the CA certificate fingerprint.
This challenge password is usually only valid once and for a short period of time, in this case
60 minutes, meaning that the certificate request must be created within that period after
retrieving the challenge password.
Common Name (CN)
A name for the router. This parameter is important as the common name will be used as the
router’s ID for IKE negotiations.
Country Code (C)
The two-character country code of where the router is located. A list of valid country codes
can be found at
http://www.iso.org/iso/english_country_names_and_code_elements.
State or Province (ST)
The state, county or province of where the router is located.
Locality (L)
The town or city of where the router is located.
Organisation (O)
The company to which the router belongs.
Organisational Unit (OU)
The company department maintaining the router.
E-mail
An appropriate email address of a contact for the router.
Unstructured Name
This parameter is optional. It can contain some descriptive text to help identify the certificate.
Digest Algorithm
The digest algorithm used (MD5 or SHA1) when signing the certificate request.