SonicOS 7 Device Settings
- SonicOS 7
- About Device Settings
- Managing SonicWall Licenses
- System Administration
- Configuring the Firewall Name
- Enabling Wireless LAN and IPv6
- Changing the Administrator Name and Password
- Configuring Login Security
- Multiple Administrators Support
- Enabling Enhanced Audit Logging Support
- Configuring the Wireless LAN Controller
- Enabling SonicOS API and Configuring Authentication Methods
- Enabling GMS Management
- Configuring the Management Interface
- Client Certificate Verification
- Selecting a Language
- Configuring Time Settings
- Managing Certificates
- Administering SNMP
- Firmware Settings
- Storage
- Restarting the System
- SonicWall Support
Configuring Simple Certificate Enrollment Protocol
The Simple Certificate Enrollment Protocol (SCEP) is designed to support the secure issuance of certificates to network devices in a scalable manner. There are two enrollment scenarios for SCEP:
- SCEP server CA automatically issues certificates.
- SCEP request is set to PENDING and the CA administrator manually issues the certificate.
More information about SCEP can be found at: http://tools.ietf.org/html/draft-nourse-scep-18 (Cisco Systems' Simple Certificate Enrollment Protocol draft-nourse-scep-18).
To use SCEP to issue certificates
- Generate a signing request as described in Generating a Certificate Signing Request.
-
On the Certificates page, Click SCEP.
The SCEP Configuration dialog is displayed.
- From CSR List, SonicOS selects a default CSR list automatically. If you have multiple CSR lists configured, you can modify this.
- In the CA URL field, enter the URL for the Certificate authority.
- If the Challenge Password(optional) field, enter the password for the CA if one is required.
- In the Request Count field, enter the number of requests. The default value is 256.
- In the Polling Interval(S) field, you can modify the default value for duration of time, in seconds, between the sending of polling messages. the default value is 30 seconds.
- In the Max Polling Time(S) field, you can modify the default value for the duration of time, in seconds, the firewall waits for a response to a polling message before timing out. The default value is 28800 seconds (8 hours).
-
Click SCEP to submit the SCEP enrollment.
The firewall contacts the CA to request the certificate. The time this takes depends on whether the CA issues certificates automatically or manually. After the certificate is issued, it is displayed in the list of available certificates on the Device | Settings > Certificates page, under the Imported certificates and requests or All certificates category.
Was This Article Helpful?
Help us to improve our support portal