Certificate enrollment via SCEP / Configuration of SCEP
Parent topic: Configuration of SCEP

Configuring the CAs

The configuration is carried out with LANconfig under Certificates > SCEP client with the button CA table.





Name
Configuration name of the CA.
URL
URL of the CA.
Distinguished name
Distinguished name of the CA. With this parameter the CAs are assigned to system certificates (and vice versa) on the one hand. On the other hand this parameter is also important for evaluating whether received or available certificates match with the configuration. You can also use reserved characters by using a preceding backslash ("\"). The supported reserved characters are:
  • Comma (",")
  • Slash ("/")
  • Plus ("+")
  • Semicolon (";")
  • Equals ("=")
You can also use the following internal firmware variables:
  • %% inserts a percent sign.
  • %f inserts the version and the date of the firmware currently active in the device.
  • %r inserts the hardware release of the device.
  • %v inserts the version of the loader currently active in the device.
  • %m inserts the MAC address of the device.
  • %s inserts the serial number of the device.
  • %n inserts the name of the device.
  • %l inserts the location of the device.
  • %d inserts the type of the device.
Identifier
CA identifier (as required by some web server to identify the CA).
Encryption algorithm
This algorithm encrypts the payload of the certificate request. Possible values are:
  • DES
  • 3-DES
  • Blowfish
  • AES128 (default)
  • AES192
  • AES256
Signature algorithm
The certificate request is signed with this algorithm. Possible values are:
  • MD5
  • SHA1
  • SHA256 (Default)
  • SHA384
  • SHA512
Fingerprint algorithm
Algorithm for signing the fingerprint. This determines whether the CA certificate is to be checked by means of fingerprint, and which algorithm is used for this. The CA fingerprint has to agree with the checksum which results when this algorithm is applied. Possible values are:
  • Off (default)
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512
Fingerprint
The authenticity of a received CA certificate can be checked by means of the the checksum (fingerprint) entered here (corresponding to the set CA fingerprint algorithm).
RA autoapprove
Some CAs provide the option of using an earlier certificate issued by this CA as proof of authenticity for future requests. This option defines whether an existing system certificate should be used to sign new requests. Possible values are:
  • Yes
  • No (Default)
Source address
This is where you configure an optional source address to be used instead of the one otherwise automatically selected for the source address. If you have configured loopback addresses, you can specify them here as source address. You can enter an address in various forms:
  • Name of the IP network (ARF network), whose address should be used.
  • "INT" for the address of the first intranet.
  • "DMZ" for the address of the first DMZ (Note: If there is an interface named "DMZ", its address will be taken).
  • LB0 ... LBF for one of the 16 loopback addresses or its name
  • Furthermore, any IP address can be entered in the form x.x.x.x.
Note: If the source address set here is a loopback address, these will be used unmasked on the remote client.
Parent topic: Configuration of SCEP

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo