CEP Enrollment Using the Script810 Netscape Certificate Management System Installation and Setup Guide • October 2001Note that Certificate Management System by default supports issuance ofcertificates to routers and VPN clients using the CEP-based enrollment. However,publishing of these certificates to an LDAP-compliant directory is not turned on bydefault because routers and VPN clients need to have access to an LDAP directoryin order to fully support various functions, such as certificate and CRL retrieval.This section explains how to set up a Certificate Manager to issue certificates torouters and CEP-compliant Virtual Private Network (VPN) clients. The section alsodescribes how to configure the Certificate Manager to publish these certificates andcertificate revocation lists (CRLs) to an LDAP-compliant directory.You may configure the Certificate Manager to publish to any LDAP-compliantdirectory, but if you do not have one available, you can use the one supplied withCertificate Management System. Certificate Management System comes withNetscape Directory Server, which is an LDAP-compliant directory. When youinstall Certificate Management System, two instances of Netscape Directory Serverare automatically created in the same server group in which CertificateManagement System is installed—one of the Directory Server instances isidentified as the configuration directory and the other internal database. Forpublishing certificates and CRLs you may use the configuration directory, but notthe internal database. The internal database is configured for exclusive use byCertificate Management System; see , “Setting Up Internal Database.”There are two ways to set up CEP enrollment:• CEP Enrollment Using the Script• Setting up CEP Enrollment ManuallyThe sections that follow explain both ways of CEP enrollment in detail. Therecommended is to use the interactive script.CEP Enrollment Using the ScriptCertificate Management System provides a menu-driven, interactive script toautomate the CEP enrollment process. To invoke the script:1. Go to the Certificate Manager’s host system.2. Open a command-line window.3. Go to this directory: 4. Enter either the following, depending on your system, at the prompt:% install/perl bin/cert/tools/cepconfig.pl on UNIX% install\perl bin\cert\tools\cepconfig.pl on Windows NT