Product guide
Task
For option definitions, click Help in the interface.
1
From the Firewall Enterprise Admin Console, select Maintenance | Certificate/Key Management.
2
Load the signed certificate.
a
Click the Firewall Certificates tab.
b
In the Certificates list, select the certificate, then click Load. The Firewall Certificates: Load Certificate for
PKSC10 Request window appears.
c
For Certificate Source, select File.
d
Click Browse and select the signed certificate file.
e
Click OK.
f
On the Firewall Certifcates tab, select the certificate and verify that the status is SIGNED.
3
Load the ePolicy Orchestrator CA certificate.
a
Click the Certificate Authorities tab.
b
Click New | Single CA. The Certificate Authorities: New Certificate Authority window appears.
c
In the Name field, enter a name for the certificate.
d
Click Browse and select the CA certificate file.
e
Click Add.
Configure certificates using SCEP
If you do not want to use the ePolicy Orchestrator CA to sign the certificate, you can use the Simple
Certificate Enrollment Protocol (SCEP) instead.
Task
1
From the ePolicy Orchestrator console, select Menu | Configuration | Server Settings. The Server Settings
area appears.
2
Select Endpoint Intelligence Settings, then click Edit. The Edit Endpoint Intelligence Settings page appears.
3
Configure SCEP settings.
a
Select CA Certificate.
b
Enter the information in the CA SCEP Url, CA Id and Scep Password fields.
c
Click Test Connection to verify the information. A success message appears.
d
Click Get CA Cert.
4
On the Firewall Enterprise Admin Console, select Maintenance | Key Management.
5
Configure the CA certificate.
a
Click the Certificate Authorities tab.
b
Click New. The Certificate Authorities: New Certificate Authority window appears.
c
From the Type drop-down list, select SCEP.
3
Configure Endpoint Intelligence Agent on Firewall Enterprise
Configure certificates
20
Endpoint Intelligence Agent 2.1.0 Product Guide