• Public key lengths must be 4096 bits or lower.
• The host certificate used by McAfee EIA must be signed by the same certificate authority that generated the CA certificate.

Tasks
• Generate the firewall certificate on page 18
  Create and export a firewall certificate to be signed by ePolicy Orchestrator.
• Sign the firewall certificate and export the CA certificate on page 18
  Use ePolicy Orchestrator to sign the firewall certificate and export the ePolicy Orchestrator CA certificate.
• Load the certificates on page 19
  Load the signed certificate and the ePolicy Orchestrator CA certificate to Firewall Enterprise.
• Configure certificates using SCEP on page 20
  If you do not want to use the ePolicy Orchestrator CA to sign the certificate, you can use the Simple Certificate Enrollment Protocol (SCEP) instead.

Generate the firewall certificate
Create and export a firewall certificate to be signed by ePolicy Orchestrator.

Task
For option definitions, click Help in the interface.
1. From the Firewall Enterprise Admin Console, select Maintenance | Certificate/Key Management | Firewall Certificates.
2. Click New. The Firewall Certificates: Create New Certificate window appears.
3. In the Certificate name field, enter a name for the certificate.
4. In the Distinguished name (DN) field, enter a distinguished name.
5. From the Submit to CA menu, select Manual PKCS 10.
6. Click Browse to specify the name and location to export the certificate to.
7. From the Format menu, select PKCS10.
8. Click Add. A success message appears.
9. Click OK.
The certificate is exported to the specified location.
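
The two requirements listed at the start of this section (public key length of 4096 bits or lower, and a host certificate signed by the same CA that generated the CA certificate) can be checked with OpenSSL on the exported request, and later on the signed certificate, before anything is loaded on the firewall. This is an added example, not part of the product guide; it assumes PEM-encoded files and the openssl command-line tool, and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the product guide. Assumes PEM files and the
# openssl CLI; function and file names are hypothetical.
MAX_BITS=4096   # upper limit on public key length stated in the guide

# key_bits <req|x509> <file>: print the public key size in bits.
key_bits() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# check_request <pkcs10-file> [max-bits]: 0 if the key is within the limit.
check_request() {
    bits=$(key_bits req "$1")
    [ -n "$bits" ] || { echo "cannot parse request: $1" >&2; return 2; }
    [ "$bits" -le "${2:-$MAX_BITS}" ] ||
        { echo "key is $bits bits, limit is ${2:-$MAX_BITS}" >&2; return 1; }
}

# check_signed <signed-cert> <ca-cert>: 0 if the key is within the limit
# and the certificate verifies against the given CA certificate.
check_signed() {
    bits=$(key_bits x509 "$1")
    [ -n "$bits" ] || { echo "cannot parse certificate: $1" >&2; return 2; }
    [ "$bits" -le "$MAX_BITS" ] ||
        { echo "key is $bits bits, limit is $MAX_BITS" >&2; return 1; }
    # "<file>: OK" on stdout is how openssl verify reports success.
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$' ||
        { echo "$1 was not issued by the CA in $2" >&2; return 1; }
}

# Usage: sh check_certs.sh <request.pem> <signed-cert.pem> <ca-cert.pem>
if [ "$#" -eq 3 ]; then
    check_request "$1" && check_signed "$2" "$3" && echo "certificates OK"
fi
```

Run check_request on the exported PKCS10 file before submitting it for signing, and check_signed once the signed certificate and the exported CA certificate are both available.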

Sign the firewall certificate and export the CA certificate
Use ePolicy Orchestrator to sign the firewall certificate and export the ePolicy Orchestrator CA certificate.

Task
For option definitions, click ? in the interface.
1. From the ePolicy Orchestrator console, select Menu | Configuration | Server Settings. The Server Settings area appears.
2. Select Endpoint Intelligence Settings, then click Edit. The Edit Endpoint Intelligence Settings page appears.
3. Modify the following server settings for McAfee.
Endpoint Intelligence Agent 2.1.0 Product Guide