Specifying a CA to Be Used


After the key pair is generated on the PIX firewall, we need to specify the CA to use for certificate verification. The command for accomplishing this is:

ca identity <ca_nickname> <ca_ip_address>[:<script_location>] [<ldap_ip_address>]

The ca_nickname parameter specifies an internal name that the PIX will use for this CA, and ca_ip_address specifies the IP address of the CA server. The script_location parameter can be defined when the CA uses a nonstandard URL for the enrollment script, which by default should reside at /cgi-bin/pkiclient.exe. For example, when using a Microsoft CA, specify /CERTSRV/mscep/mscep.dll. If the CA supports LDAP requests, you can specify the IP address of the CA's LDAP server in the command as well.

The PIX supports only one CA at a time. To remove a CA, simply use the following command:

no ca identity <ca_nickname>

For our example, we use the following configuration:

PIX1(config)# ca identity verisign 205.139.94.230

www.syngress.com

358 Chapter 7 • Configuring Virtual Private Networking

PIX2(config)# ca identity verisign 205.139.94.230

The CA identity settings can be verified using the show ca identity command.
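
When reviewing saved firewall configurations offline, the same syntax can be checked mechanically. The following Python sketch is an added example, not part of the original text or any Cisco tooling: it parses ca identity lines, fills in the default enrollment script path described above, and flags a configuration that names more than one CA. The function names and the second sample line (with addresses from the 192.0.2.0/24 documentation range) are constructed for illustration.

```python
import ipaddress
import re

DEFAULT_SCRIPT = "/cgi-bin/pkiclient.exe"  # default enrollment script path per the text

# ca identity <ca_nickname> <ca_ip_address>[:<script_location>] [<ldap_ip_address>]
CA_LINE = re.compile(
    r"^\s*(?:\S+\(config\)#\s*)?ca identity\s+(\S+)\s+([^\s:]+)(?::(\S+))?(?:\s+(\S+))?\s*$"
)


def parse_ca_identity(line):
    """Return a dict for one 'ca identity' line, or None for any other line."""
    m = CA_LINE.match(line)
    if not m:
        return None
    nickname, ca_ip, script, ldap_ip = m.groups()
    ipaddress.ip_address(ca_ip)  # raises ValueError on a malformed address
    if ldap_ip is not None:
        ipaddress.ip_address(ldap_ip)
    return {"nickname": nickname, "ca_ip": ca_ip,
            "script": script or DEFAULT_SCRIPT, "ldap_ip": ldap_ip}


def audit_config(text):
    """Parse every 'ca identity' line of one device config and collect findings."""
    entries, findings = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_ca_identity(line)
        except ValueError as exc:
            findings.append(f"line {n}: bad address ({exc})")
            continue
        if entry:
            entries.append(entry)
    if len({e["nickname"] for e in entries}) > 1:
        findings.append("more than one CA defined; the PIX supports only one at a time")
    return entries, findings


# Constructed sample: the first line is the book's example, the second is invented.
SAMPLE = """\
PIX1(config)# ca identity verisign 205.139.94.230
ca identity msca 192.0.2.10:/CERTSRV/mscep/mscep.dll 192.0.2.11
"""

if __name__ == "__main__":
    for item in audit_config(SAMPLE):
        print(item)
```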