Virtual Private Networks (VPN) IPsec
AnywhereUSB® Plus User Guide
601
(config network scep_client scep_client_name)> renewable_time integer
(config network scep_client scep_client_name)>
9. (Optional) Set the filename of the Certificate Revocation List (CRL) from the CA.
The CRL is stored on the AnywhereUSB Plus device in the /etc/config/scep_client/client_name
directory.
(config network scep_client scep_client_name)> crl_name name
(config network scep_client scep_client_name)>
10. Save the configuration and apply the change:
(config network scep_client scep_client_name)> save
Configuration saved.
>
11. Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection
menu. Type quit to disconnect from the device.
Example: SCEP client configuration with Fortinet SCEP server
In this example configuration, we will configure the AnywhereUSB Plus device as a SCEP client that
will connect to a Fortinet SCEP server.
Fortinet configuration
On the Fortinet server:
1. Enable ports for SCEP services:
a. From the menu, select Network > Interfaces.
b. Select the appopriate port and click Edit.
c. For Access Rights > Services, enable the following services:
n
HTTPS > SCEP
n
HTTPS > CRL Downloads
n
HTTP > SCEP
n
HTTP > CRLDownloads
d. The remaining fields can be left at their defaults or changed as appropriate.
e. Click OK.
2. Create a Certificate Authority (CA):
a. From the menu, click Certificate Authorities > Local CAs.
b. Click Create New.
c. Type a Certificate ID for the CA, for example, fortinet_example_ca.
d. Complete the Subject Information fields.
e. The remaining fields can be left at their defaults or changed as appropriate.
f. Click OK.
To Next Page
Loading...
Need help?
General