In LANconfig, you configure the certificate parameters under Certificate issuing.
in the section
- Validity period
- Here you specify the validity period of the certificate in days.
- General challenge password
- An additional "Password" can be entered here, which is transmitted to the CA. This can be used by default to authenticate revocation requests. If CAs operate Microsoft-SCEP (mscep), the one-time passwords issued by the CA can be entered here for the authentication of requests.
The Challenge table contains the certificate recipients' (clients') own passwords.
- Distinguished name
- The "Distinguished name" must be entered here. This parameter assigns the CAs to system certificates (and vice versa). It is also used to evaluate whether received or available certificates match the configuration. The entry is a list, separated by commas or forward slashes, in which the name, department, state and country can be specified for the gateway. The following are examples of how an entry might appear:
  CN=myCACN, DC=mscep, DC=ca, C=DE, ST=berlin, O=myOrg
  /CN=LANCOM CA/O=LANCOM SYSTEMS/C=DE
- MAC address
- Enter the MAC address of the client whose password is to be managed by the challenge-password table.
- Challenge
- Enter the challenge (password) for the client here.
- Validity
- Enter the validity period of the password here. By selecting "one-time" the password becomes a one-time password (OTP) so that, for example, it can only be used for authentication once.
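The two notations of the Distinguished name entry (comma-separated and slash-separated), parsed and compared. This is an added example, not LANCOM code: parse_dn and dn_matches are hypothetical helpers, and the matching policy (same components in the same order, values compared case-insensitively) is an assumption of this example, not documented device behaviour.

```python
def parse_dn(text):
    """Split a DN in comma or slash notation into ordered (type, value) pairs."""
    text = text.strip()
    sep = "/" if text.startswith("/") else ","   # a leading "/" selects slash notation
    if sep == "/":
        text = text[1:]
    parts, current, escaped = [], [], False
    for ch in text:
        if escaped:                 # a backslash protects the next character,
            current.append(ch)      # e.g. the comma in "O=Acme\, Inc"
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    if escaped:
        raise ValueError("dangling backslash at end of DN")
    parts.append("".join(current))
    pairs = []
    for part in parts:
        attr, eq, value = part.partition("=")
        attr, value = attr.strip().upper(), value.strip()
        if not (eq and attr and value):
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr, value))
    return pairs


def dn_matches(configured, presented):
    """Strict match: same components, same order; values compared without
    regard to case or repeated spaces (a policy chosen for this example)."""
    def norm(dn):
        return [(a, " ".join(v.split()).casefold()) for a, v in parse_dn(dn)]
    return norm(configured) == norm(presented)


if __name__ == "__main__":
    # Constructed inputs based on the two example entries above.
    configured = "/CN=LANCOM CA/O=LANCOM SYSTEMS/C=DE"
    for presented in ("cn=LANCOM CA, o=lancom systems, c=DE",
                      "CN=LANCOM CA, O=LANCOM SYSTEMS, C=DE, OU=test",
                      "CN=LANCOM CA,, C=DE"):
        try:
            print(presented, "->", dn_matches(configured, presented))
        except ValueError as err:
            print(presented, "-> rejected:", err)
```

A DN with an extra component or an empty component does not match; the latter is rejected as malformed instead of being silently skipped.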
Under CA encryption you configure the security parameters for the CA encryption.
- Encryption algorithm
- Here you specify the encryption algorithm used by the SCEP protocol. Both the certification authority (CA) and the certificate holder (client) must support the algorithm. The following methods are available:
  - DES
  - 3DES
  - BLOWFISH
  - AES128
  - AES192
  - AES256
- Signature algorithm
- Here you select the signature algorithm used by the Certificate Authority (CA) to sign the certificate. This method must be supported by the CA and the certificate recipient (client) as the client uses this signature to check the integrity of the certificate. The following cryptographic hash functions are available for selection:
  - MD5
  - SHA1
  - SHA2-256
  - SHA2-384
  - SHA2-512
- Fingerprint algorithm
- Here you select the fingerprint algorithm that the Certificate Authority (CA) uses to calculate the signature's fingerprint. Both the CA and the certificate recipient (client) must support the method.
The fingerprint is a hash value of data (key, certificate, etc.), i.e. a short number string that can be used to check the integrity of the data. The following cryptographic hash functions are available for selection:
  - MD5
  - SHA1
  - SHA2-256
  - SHA2-384
  - SHA2-512