Certificate Issuance to Routers or VPN Clients

824 Netscape Certificate Management System Installation and Setup Guide • October 2001

Step 3. Request the CA’s Certificate

In this part of the operation, you identify the CA to the router, thus enabling the router to authenticate the CA from which it will request the certificate. You also verify whether the router is talking to the right CA; you do this manually.

Here’s what you should do:

1. Run the appropriate command to get the CA certificate.
   The command will ask you to specify the following:
   - An identity for the CA. You can give any identity; choose something you will remember, since you will be required to provide it when you submit the certificate request.
   - The CA’s enrollment URL; this is the enrollment URL you identified in Step 1.
2. The router gets the CA certificate and displays its fingerprint on your screen.
3. Verify the fingerprint on your screen with the one you noted down in Step 1.
   If it matches, the router is talking to the right CA.

Step 4. Submit the Certificate Request to the CA

To submit the certificate request to the CA:

1. Run the appropriate command.
   The command will ask you for certain information:
   - The CA’s identity. You specified this in Step 3.
   - Challenge password. If you enter one, write it down; you will be required to specify this password to revoke the certificate.
   - The CEP enrollment URL.
   - Whether you want to include the router’s serial number in the request. If you choose to include the serial number, it will be included in the certificate’s subject name.
   - Whether you want to include the router’s IP address in the request. If you choose to include the IP address, it will be included in the certificate’s subject name.
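The manual fingerprint comparison in Step 3 can be double-checked with a script; the following is an added example, not part of the guide or of any Netscape or router tooling. It assumes the CA certificate is available as DER bytes and that the fingerprint is a hex MD5, SHA-1 or SHA-256 digest of those bytes (the guide does not say which digest the router displays); the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Assumption: the digest is inferred from the number of hex digits noted in Step 1.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_fingerprint(text):
    """Drop separators and case so '8D:E8:8F:E5' and '8de88fe5' compare equal."""
    hex_digits = re.sub(r"[\s:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]+", hex_digits):
        raise ValueError("fingerprint contains non-hex characters")
    return hex_digits


def fingerprint_matches(cert_der, noted_fingerprint):
    """Return True only if the digest of the DER-encoded CA certificate
    equals the fingerprint noted out of band in Step 1."""
    noted = normalize_fingerprint(noted_fingerprint)
    algo = ALGO_BY_HEX_LEN.get(len(noted))
    if algo is None:
        # A truncated or padded fingerprint is rejected, never partially matched.
        raise ValueError("unexpected fingerprint length: %d hex digits" % len(noted))
    actual = hashlib.new(algo, cert_der).hexdigest()
    return hmac.compare_digest(actual, noted)


if __name__ == "__main__":
    # Constructed stand-in for the DER bytes of a CA certificate.
    ca_der = b"\x30\x82\x01\x0a" + b"constructed sample, not a real certificate"
    # Constructed "noted" value: the SHA-1 digest written in space-separated groups.
    digest = hashlib.sha1(ca_der).hexdigest().upper()
    noted = " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))

    print("noted in Step 1:", noted)
    print("same certificate:", fingerprint_matches(ca_der, noted))
    # A single changed byte (a different CA certificate) must not match.
    print("altered certificate:", fingerprint_matches(ca_der + b"\x00", noted))
```

A mismatch means the router retrieved a certificate other than the one noted in Step 1, so the request in Step 4 should not be submitted until the discrepancy is explained.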