20-3
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 20 Certificate Authority Server
Create CA Server
affected if the router needs to be rebooted. If your organization does not have
an NTP server, you may want to use a publicly available server, such as the
server described at the following URL:
http://www.eecis.udel.edu/~mills/ntp/clock2a.html
DNS not configured—Specifying DNS servers helps ensure that the router is
able to contact the certificate server. DNS configuration is required to contact
the CA server and any other server related to certificate enrollment such as
OCSP servers or CRL repositories if those servers are entered as names and
not as IP addresses.
Domain and/or Hostname not configured—It is recommended that you
configure a domain and hostname before beginning enrollment.
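The prerequisites above can be checked offline against a saved running-config before starting the wizard. The following is an added example, not part of the Cisco guide or of SDM; the function name, the warning label for NTP, and the sample configuration are constructed for illustration, and treating the factory-default hostname "Router" as unset is an assumption.

```python
import re

# Constructed sample running-config (not from the guide);
# addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_CONFIG = """\
hostname Router
!
no ip domain lookup
ip name-server 192.0.2.53
ntp server 192.0.2.123
"""

def check_enrollment_prereqs(running_config):
    """Return a list of warnings for missing NTP, DNS, or domain/hostname settings."""
    lines = [ln.strip() for ln in running_config.splitlines()]

    def first(pattern):
        # First config line that starts with the given IOS command pattern.
        for ln in lines:
            m = re.match(pattern, ln)
            if m:
                return m
        return None

    warnings = []
    # Certificate validity periods depend on an accurate clock.
    if not first(r"ntp server \S+"):
        warnings.append("No NTP server configured")  # label chosen for this example
    # A name server is of no use if lookups are disabled, so check both.
    has_ns = first(r"ip name-server \S+")
    lookup_off = first(r"no ip domain[ -]lookup")
    if not has_ns or lookup_off:
        warnings.append("DNS not configured")
    host = first(r"hostname (\S+)")
    domain = first(r"ip domain[ -]name (\S+)")
    # Assumption: the IOS default hostname "Router" counts as not configured.
    if not domain or not host or host.group(1) == "Router":
        warnings.append("Domain and/or Hostname not configured")
    return warnings

if __name__ == "__main__":
    for w in check_enrollment_prereqs(SAMPLE_CONFIG):
        print("WARNING:", w)
```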
CA Server Wizard: Welcome
The Certificate Authority (CA) server wizard guides you through the
configuration of a CA server. Be sure to have the following information before
you begin:
General information about the CA server—The name that you intend to give
the server, the certificate issuer name that you want to use, and the username
and password that enrollees will be required to enter when sending an
enrollment request to the server.
More detailed information about the server—Whether the server will operate
in Registration Authority (RA) mode or Certificate Authority (CA) mode, the
level of information about each certificate that the server will store, whether
the server should grant certificates automatically, and the lifetimes of the
certificates granted and of open enrollment requests.
Supporting information—Links to the RA server that will store the
certificates and to the Certificate Revocation List Distribution Point (CDP)
server.
CA Server Wizard: Certificate Authority Information
Enter basic information about the CA server that you are configuring in this
window.