CEP EnrollmentChapter 9 Authentication 421Certificate Issuance to Routers or VPN ClientsIn general, issuing a certificate to a router involves the following steps:1. Note or print the certificate fingerprint information of the Certificate ManagerCA signing certificate. You will be required to compare this with the fingerprintthe router will show on the screen.To locate the fingerprint information:a. Go to the end-entity page hosted by the Certificate Manager.b. Click the Retrieval tab.c. List or search for the CA signing certificate.d. Click Details.e. Scroll down to the section that says “Certificate fingerprint.”createEntry Specifies whether to create an entry in the directory before publishingthe certificate. Note that to publish a certificate, an entry must alreadyexist for the DN in the directory.• Enter true if you want the Certificate Manager to create an entryif one does not already exist (true/false).• Enter false if an entry already exists in the directory and youdon’t want the server to create one.url Specifies the URL for CEP enrollment. It is used if the router requestsa subject name such asunstructuredAddress=1.2.3.4+unstructuredName=fred.example.com. You will need to append the DN to add-onO=example.com as otherwise publishing to the directory will notwork.entryObjectClassSpecifies the type of object to assign to the new entry. By default, thisis cep, and should not be changed. Note that whencreateEntry=true, the Certificate Manager will attempt to createan entry for the user. The directory hierarchy must be set up correctlybeforehand to accept new entries.Table 9-1 CEP service-related configuration parameters in the configuration fileParameter Description
