• SonicOS 7
• About Device Settings
• Managing SonicWall Licenses
  • Licenses
  • Managing Security Services
    • Services Summary
    • Managing Security Services Online
      • Managing Services from SonicOS Management Interface
      • Synchronizing Changes
    • Manual Upgrade for Closed Environments
  • Registering Your SonicWall Appliance
  • Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License
  • Activating FREE TRIALs
• System Administration
  • Configuring the Firewall Name
  • Enabling Wireless LAN and IPv6
  • Changing the Administrator Name and Password
  • Configuring Login Security
    • Configuring Password Compliance
    • Configuring Login Constraints
  • Multiple Administrators Support
    • Working of Multiple Administrators Support
      • Configuration Modes
      • User Groups
      • Priority for Preempting Administrators
      • GMS and Multiple Administrator Support
    • Configuring Multiple Administrator Access
  • Enabling Enhanced Audit Logging Support
  • Configuring the Wireless LAN Controller
  • Enabling SonicOS API and Configuring Authentication Methods
  • Enabling GMS Management
  • Configuring the Management Interface
    • Managing through HTTP/HTTPS
    • Selecting a Security Certificate
    • Controlling the Management Interface Tables
    • Enforcing TLS Version
    • Switching Configuration Modes
    • Deleting Browser Cookies
    • Configuring SSH Management
  • Client Certificate Verification
    • About Common Access Card
    • Configuring Client Certificate Verification
    • Using the Client Certificate Check
    • Checking Certificate Expiration
    • Troubleshooting User Lock Out
  • Selecting a Language
• Configuring Time Settings
  • Setting System Time
  • Configuring NTP Settings
    • Using a Custom NTP Server for Updating the Firewall Clock
    • Adding an NTP Server
    • Editing an NTP Server Entry
    • Deleting NTP Server Entry
• Managing Certificates
  • About Digital Certificates
  • About the Certificates Table
  • About Certificate Details
  • Importing Certificates
    • Importing a Local Certificate
    • Importing a Certificate Authority Certificate
    • Creating a PKCS-12 Formatted Certificate File (Linux Systems Only)
  • Deleting Certificates
  • Generating a Certificate Signing Request
  • Configuring Simple Certificate Enrollment Protocol
• Administering SNMP
  • About SNMP
  • Setting Up SNMP Access
    • Enabling and Configuring SNMP Access
      • Configuring Basic Functionality
      • Configuring SNMPv3 Engine IDs
      • Configuring Object IDs for SNMPv3 Views
    • Setting Up SNMPv3 Groups and Access
      • Creating Groups and Adding Users and Access
        • Creating a Group
        • Adding Access
        • Adding Users
  • Configuring SNMP as a Service and Adding Rules
• Firmware Settings
  • Firmware Management and Backup
    • Firmware Management & Backup Tables
      • Local Table
      • Cloud Table
      • Show Configuration Files Table
    • Searching the Table
  • Creating a Backup Firmware Image
    • Creating a Local Backup Firmware Image
    • Creating a Cloud Backup Firmware Image
    • Scheduling Firmware Image Backups
      • Scheduling a One-Time Backup
      • Scheduling Recurring Backups
      • Deleting Scheduled Backups
  • Updating Firmware
    • Updating Firmware Manually
    • Firmware Auto Update
    • Using SafeMode to Upgrade Firmware
  • Importing and Exporting Settings
    • Importing Settings
    • Exporting Settings
  • Configuring Firmware and Backup Settings
    • Send Settings or Reports by FTP
    • Sending Diagnostic Reports to Technical Support
    • Boot Settings
    • One-Touch Configuration Overrides
    • Enabling FIPS Mode
    • Enabling NDPP mode
• Storage
  • Installing or Replacing Storage Modules
  • Setting Storage Options
    • Configuring the Storage Module for Log File Storage
    • Purging a Storage Module
    • Viewing Trace Logs
• Restarting the System
• SonicWall Support
  • About This Document

Configuring Simple Certificate Enrollment Protocol

The Simple Certificate Enrollment Protocol (SCEP) is designed to support the secure issuance of certificates to network devices in a scalable manner. There are two enrollment scenarios for SCEP:

• SCEP server CA automatically issues certificates.
• SCEP request is set to PENDING and the CA administrator manually issues the certificate.

More information about SCEP can be found at: http://tools.ietf.org/html/draft-nourse-scep-18 (Cisco Systems' Simple Certificate Enrollment Protocol draft-nourse-scep-18).

To use SCEP to issue certificates

1. Generate a signing request as described in Generating a Certificate Signing Request.

2. On the Certificates page, Click SCEP.

   The SCEP Configuration dialog is displayed.

   

3. From CSR List, SonicOS selects a default CSR list automatically. If you have multiple CSR lists configured, you can modify this.
4. In the CA URL field, enter the URL for the Certificate authority.
5. If the Challenge Password(optional) field, enter the password for the CA if one is required.
6. In the Request Count field, enter the number of requests. The default value is 256.
7. In the Polling Interval(S) field, you can modify the default value for duration of time, in seconds, between the sending of polling messages. the default value is 30 seconds.
8. In the Max Polling Time(S) field, you can modify the default value for the duration of time, in seconds, the firewall waits for a response to a polling message before timing out. The default value is 28800 seconds (8 hours).

9. Click SCEP to submit the SCEP enrollment.

   The firewall contacts the CA to request the certificate. The time this takes depends on whether the CA issues certificates automatically or manually. After the certificate is issued, it is displayed in the list of available certificates on the Device | Settings > Certificates page, under the Imported certificates and requests or All certificates category.