Setting up CEP Enrollment ManuallyChapter 25 Setting Up CEP Enrollment 795Step 3. Set Up Automated EnrollmentAs a part of enrolling for a certificate (via CEP), a router administrator orVPN-client user needs to start the enrollment process, which in turn asks the userfor information such as the following:• The CA’s identity• The CEP enrollment URL• A challenge password• The serial number and IP addressSome of the information a user enters, such as the serial number and IP address,goes in to the subject name in the CEP request. Information such as the CA’sidentity and enrollment URL enables the router to connect to the valid CA to makethe certificate request. The challenge password, if specified, enables the user toauthenticate to the server during enrollment and to revoke the certificate, ifneeded, by presenting the same password again. (See “Certificate Issuance toRouters or VPN Clients” on page 800.)You can configure the Certificate Manager to use either the challenge password orthe subject name (all or a part of it) as an authentication token during a CEPenrollment, thus enabling users to get router certificates without any action on thepart of the Certificate Manager agent.To aid you in implementing the automated CEP enrollment process, CertificateManagement System comes with an authentication plug-in module namedFlatFileAuth. This plug-in is available in source-code form in the CMS samplespackage in this directory:/cms_sdk/cms_jdk/samples/authenticationIn order for the Certificate Manager to recognize the FlatFileAuth plug-in anduse it for authenticating CEP-based certificate requests, you must do the following:• Register the plugin in the CMS authentication framework; for instructions, see“Registering an Authentication Module”.• Create an instance of the plug-in; for instructions, see “Step 4: Add anAuthentication Instance” on page 509.You can do this either via the CMS window or by adding the required parametersto the Certificate Manager’s configuration file (CMS.cfg). The configurationparameters of the FlatFileAuth plug-in are listed below.