25-61
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Understanding Public Key Infrastructure Policies
PKI Enrollment Dialog Box—Certificate Subject Name Tab
Use the Certificate Subject Name tab of the PKI Enrollment dialog box to optionally define additional
information about the device in certificate requests sent to the CA server. This information is placed in
the certificate and can be viewed by any party who receives the certificate from the router.
Enter all information using the standard LDAP X.500 format.
Navigation Path
Go to the PKI Enrollment dialog box and click the Certificate Subject Name tab. For information on
opening the dialog box, see PKI Enrollment Dialog Box, page 25-54.
Related Topics
PKI Enrollment Dialog Box—CA Information Tab, page 25-55
PKI Enrollment Dialog Box—Enrollment Parameters Tab, page 25-59
PKI Enrollment Dialog Box—Trusted CA Hierarchy Tab, page 25-62
Field Reference
Table 25-13 PKI Enrollment Dialog Box—Certificate Subject Name Tab

| Element | Description |
|---|---|
| Include Device’s FQDN | Whether to include the device’s fully qualified domain name (FQDN) in the certificate request. The name is taken from the Hostname policy (ensure that you specify both the hostname and domain name in the policy to get a valid fully-qualified domain name). If you do not configure the Hostname policy, the name is derived from the display name for the device in Security Manager, display_name.null, which is unlikely to give you the desired results. |
| Include Device’s IP Address | The interface whose IP address is included in the certificate request. Enter the name of the interface or interface role, or click Select to select it. If the object that you want is not listed, click the Create button to create it. |
| Common Name (CN) | The X.500 common name to include in the certificate. |
| Organization Unit (OU) | The name of the organization unit (for example, a department name) to include in the certificate. Note: When you configure PKI enrollment objects for Cisco Easy VPN Remote components, this field must contain the name of the client group to which the component connects. Otherwise, the component will not be able to connect. Although this information is not required for the Easy VPN Server, including it does not create configuration problems. For more information about Easy VPN, see Understanding Easy VPN, page 27-1. |
| Organization (O) | The organization or company name to include in the certificate. |
| Locality (L) | The locality to include in the certificate. |
| State (ST) | The state or province to include in the certificate. |
| Country (C) | The country to include in the certificate. |
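
The following is an added example, not part of the Cisco guide or of Security Manager: a pre-deployment check of the values intended for this tab. It composes the subject string with RFC 4514 escaping and flags the two failure modes the table describes (the display_name.null fallback FQDN, and an OU that does not match the Easy VPN client group). The function names, the attribute order, the two-letter country check (from the X.520 countryName definition) and the sample values are assumptions.

```python
import re

# Attribute order for the composed subject string (an assumption; the
# guide lists the fields but not an order).
ORDER = ("CN", "OU", "O", "L", "ST", "C")
# Characters RFC 4514 requires escaping inside an attribute value.
_SPECIAL = re.compile(r'([,+"\\<>;])')
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def escape_value(value):
    """Escape one attribute value for an RFC 4514 subject string."""
    out = _SPECIAL.sub(r"\\\1", value.strip())
    return "\\" + out if out.startswith("#") else out


def check_subject(fields, fqdn=None, easy_vpn_group=None):
    """Return (subject_string, problems) for proposed tab values.

    fields: dict keyed by CN/OU/O/L/ST/C. fqdn: the name the Hostname
    policy would produce. easy_vpn_group: client group name, given only
    for Easy VPN Remote components.
    """
    problems = []
    unknown = set(fields) - set(ORDER)
    if unknown:
        problems.append("unknown attribute(s): " + ", ".join(sorted(unknown)))
    country = fields.get("C")
    if country is not None and not re.fullmatch(r"[A-Za-z]{2}", country):
        problems.append("C should be a two-letter country code")
    if fqdn is not None:
        labels = fqdn.rstrip(".").split(".")
        if labels[-1].lower() == "null":
            problems.append("FQDN ends in .null: Hostname policy not configured")
        elif len(labels) < 2 or not all(_LABEL.match(x) for x in labels):
            problems.append("FQDN needs a valid hostname and domain name")
    if easy_vpn_group is not None and fields.get("OU") != easy_vpn_group:
        problems.append("OU must equal the Easy VPN client group name")
    subject = ",".join(
        f"{k}={escape_value(fields[k])}" for k in ORDER if fields.get(k)
    )
    return subject, problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    sample = {"CN": "branch-rtr1", "OU": "remote-clients",
              "O": "Example, Inc.", "C": "US"}
    print(check_subject(sample, "branch-rtr1.example.com", "remote-clients"))
```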