Adding Certificate Enrollment Objects
You can use these objects with Firewall Threat Defense devices. You must have Admin or Network Admin privileges to do this task.
Procedure
Step 1. Open the Add Cert Enrollment dialog:
Step 2. Enter the Name, and optionally, a Description of this enrollment object. When enrollment is complete, this name is the name of the trustpoint on the managed devices with which it is associated.
Step 3. Click the CA Information tab.
Step 4. Choose the Enrollment Type.
Step 5. Skip Check for CA flag in basic constraints of the CA Certificate—Check this check box if you want to skip checking the basic constraints extension and the CA flag in a trustpoint certificate.
Step 6. Validation Usage—Choose from the options to validate the certificate during a VPN connection:
Step 7. (Optional) Click the Certificate Parameters tab and specify the certificate contents. See Certificate Enrollment Object Certificate Parameters. This information is placed in the certificate and is readable by any party who receives the certificate from the router.
Step 8. (Optional) Click the Key tab and specify the Key information. See Certificate Enrollment Object Key Options.
Step 9. (Optional) Click the Revocation tab and specify the revocation options. See Certificate Enrollment Object Revocation Options.
Step 10. Allow Overrides of this object if desired. Whenever you modify the PKCS12 certificate enrollment object to permit overrides, you must update the Passphrase for the certificate on the device where it is overridden. See Object Overrides for a full description of object overrides.
Step 11. Click Save.
What to do next
Associate and install the enrollment object on a device to create a trustpoint on that device.