Virtual Private Networks (VPN) IPsec
Digi Connect IT® 4 User Guide
364
14. Set the bit size of the private key:
(config network scep_client scep_client_name)> key_length int
(config network scep_client scep_client_name)>
The default is 2048.
15. Set the number of days that the certificate enrollment can be renewed, prior to the request
expiring. This value is configured on the SCEP server, and is used by the Connect IT 4 device to
determine when to start attempting to auto-renew an existing certificate. The default is 7.
(config network scep_client scep_client_name)> renewable_time integer
(config network scep_client scep_client_name)>
16. (Optional) Enable verbose logging in /var/log/scep_client:
(config network scep_client scep_client_name)> debug true
(config network scep_client scep_client_name)>
17. Save the configuration and apply the change:
(config network scep_client scep_client_name)> save
Configuration saved.
>
18. Type exit to exit the Admin CLI.
Depending on your device configuration, you may be presented with an Access selection
menu. Type quit to disconnect from the device.
Example: SCEP client configuration with Fortinet SCEP server
In this example configuration, we will configure the Connect IT 4 device as a SCEP client that will
connect to a Fortinet SCEP server.
Fortinet configuration
On the Fortinet server:
1. Enable ports for SCEP services:
a. From the menu, select Network > Interfaces.
b. Select the appopriate port and click Edit.
c. For Access Rights > Services, enable the following services:
n HTTPS > SCEP
n HTTPS > CRL Downloads
n HTTP > SCEP
n HTTP > CRLDownloads
d. The remaining fields can be left at their defaults or changed as appropriate.
e. Click OK.
2. Create a Certificate Authority (CA):
a. From the menu, click Certificate Authorities > Local CAs.
b. Click Create New.
To Next Page
Loading...
Need help?
General
