Certificate Issuance to Routers or VPN Clients800 Netscape Certificate Management System Installation and Setup Guide • May 2002## Router configurationeeGateway.cep.cep1.appendDN=O=*BASE_DN*eeGateway.cep.cep1.createEntry=trueeeGateway.cep.cep1.entryObjectClass=cepeeGateway.cep.cep1.url=/cgi-bin/pkiclient.exeeeGateway.cep.cep1.authName=flatfile_router## VPN configurationeeGateway.cep.cep2.url=/vpnenrolleeGateway.cep.cep2.authName=flatfile_VPN## Router authentication parameters in the configuration fileauths.instance.flatfile_router.fileName=auths.instance.flatfile_router.authAttributes=pwdauths.instance.flatfile_router.keyAttributes=UNSTRUCTUREDNAMEauths.instance.flatfile_router.pluginName=flatfileauths.instance.flatfile_router.deferOnFailure=true## VPN authentication parameters in the configuration fileauths.instance.flatfile_VPN.fileName=auths.instance.flatfile_VPN.authAttributes=pwdauths.instance.flatfile_VPN.keyAttributes=CN,OU,Oauths.instance.flatfile_VPN.pluginName=flatfileauths.instance.flatfile_VPN.deferOnFailure=false## FlatFileAuth plugin registered in the configuration fileauths.impl.flatfile.class=com.netscape.certsrv.authentication.FlatFileAuthWhen setting up multiple CEP services, you can use the cepsubstore attribute todifferentiate one CEP service from another. For example, if you’re setting upseparate CEP services for router and VPN-client certificates and want to setdifferent extensions in these certificates, you can make that happen with the help ofpredicates; see Table 18-2 on page 564.Certificate Issuance to Routers or VPN ClientsIn general, issuing a certificate to a router involves the following steps:• Step 1. Before You Begin• Step 2. Generate the Key Pair for the Router• Step 3. Request the CA’s Certificate• Step 4. Submit the Certificate Request to the CA