Specifying a CA to Be Used
After the key pair is generated on the PIX firewall, we need to specify the CA to
use for certificate verification. The command for doing so is:
ca identity <ca_nickname> <ca_ip_address>[:<script_location>] [<ldap_ip_address>]
The ca_nickname parameter specifies an internal name that the PIX will
use for this CA, and ca_ip_address specifies the IP address of the CA server. The
script_location parameter can be defined when the CA uses a nonstandard URL
for the enrollment script, which by default should reside at /cgi-bin/pkiclient.exe.
For example, when using a Microsoft CA, specify /CERTSRV/mscep/mscep.dll.
If the CA supports LDAP requests, you can specify the IP address
of the CA's LDAP server in the command as well.
The PIX supports only one CA at a time. In order to remove a CA, simply
use the following command:
no ca identity <ca_nickname>
For our example, we use the following configuration:
PIX1(config)# ca identity verisign 205.139.94.230
PIX2(config)# ca identity verisign 205.139.94.230
The CA identity settings can be verified using the show ca identity command.
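The following Python sketch is an added example, not part of the original text or any Cisco tooling. It parses ca identity lines from a saved configuration, fills in the default script location, and flags a configuration that names more than one CA. The function names and the sample configuration are assumptions made for illustration; the colon between the CA address and the script location is how the PIX command writes it.

```python
import ipaddress
import re

DEFAULT_SCRIPT = "/cgi-bin/pkiclient.exe"  # default script location stated in the text

# ca identity <nickname> <ca_ip>[:<script_location>] [<ldap_ip>]
CA_IDENTITY = re.compile(
    r"^\s*ca identity\s+(?P<nick>\S+)\s+(?P<ip>[^\s:]+)"
    r"(?::(?P<script>\S+))?(?:\s+(?P<ldap>\S+))?\s*$"
)

def parse_ca_identities(config_text):
    """Return one dict per 'ca identity' line, with the default script filled in."""
    entries = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = CA_IDENTITY.match(line)
        if m:
            entries.append({
                "line": lineno,
                "nickname": m["nick"],
                "ca_ip": m["ip"],
                "script": m["script"] or DEFAULT_SCRIPT,
                "ldap_ip": m["ldap"],
            })
    return entries

def audit(config_text):
    """Return a list of findings about the CA settings in a configuration."""
    entries = parse_ca_identities(config_text)
    findings = []
    if not entries:
        findings.append("no CA defined")
    if len({e["nickname"] for e in entries}) > 1:
        findings.append("more than one CA defined; the PIX supports only one CA at a time")
    for e in entries:
        for field in ("ca_ip", "ldap_ip"):
            if e[field] is None:
                continue
            try:
                ipaddress.ip_address(e[field])  # the text describes these as IP addresses
            except ValueError:
                findings.append(f"line {e['line']}: {field} {e[field]!r} is not an IP address")
    return findings

# Constructed sample: a Microsoft CA with a script location and an LDAP server.
SAMPLE = "hostname PIX1\nca identity msca 192.0.2.10:/CERTSRV/mscep/mscep.dll 192.0.2.20\n"

if __name__ == "__main__":
    print(parse_ca_identities(SAMPLE))
    print(audit(SAMPLE) or "no findings")
```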