Field
Description
field. This file must be provided to the CA and the received
certificate must then be imported manually to your device.
•
04%#
: The key is requested from a CA using the Simple Cer-
tificate Enrolment Protocol.
Generate Private Key
Only if Mode =
,
.
Select an algorithm for key creation.
;0
(default value) and
90
are available.
Also select the length of the key to be created.
Possible values:
,
1
,
,
+
,
,
.
Please note that a key with a length of 512 bits could be rated
as unsecure, whereas a key of 4096 bits not only needs a lot of
time to create, but also occupies a major share of the resources
during IPSec processing. A value of 768 or more is, however,
recommended and the default value is 1024 bits.
SCEP URL
Only if Mode =
04%#
.
Enter the URL of the SCEP server, e.g. ht-
tp://scep.funkwerk.de:8080/scep/scep.dll
Your CA administrator can provide you with the necessary data.
CA Certificate
Only if Mode =
04%#
.
•
9
: In CA Name, enter the name of the CA certific-
ate of the certification authority (CA) from which you wish to
request your certificate, e.g.
)*
. Your CA adminis-
trator can provide you with the necessary data.
If no CA certificates are available, the device will first down-
load the CA certificate of the relevant CA. It then continues
with the enrolment process, provided no more important para-
meters are missing. In this case, it returns to the Generate
Certificate Request menu.
If the CA certificate does not contain a CRL distribution point
(Certificate Revocation List, CRL), and a certificate server is
not configured on the device, the validity of certificates from
this CA is not checked.
Funkwerk Enterprise Communications GmbH
12 VPN
funkwerk TR200aw/bw
273