Certificate Enrollment Object Certificate Parameters

Specify additional information in certificate requests sent to the CA server. This information is placed in the certificate and can be viewed by any party who receives the certificate from the router.

Secure Firewall Management Center Navigation Path

Objects > Object Management, then from the navigation pane choose PKI > Cert Enrollment. Press (+) Add Cert Enrollment to open the Add Cert Enrollment dialog, and select the Certificate Parameters tab.

Fields

Enter all information using the standard LDAP X.500 format.

Include FQDN—Whether to include the device’s fully qualified domain name (FQDN) in the certificate request. Choices are:
- Use Device Hostname as FQDN
- Don't use FQDN in certificate
- Custom FQDN—Select this and then specify it in the Custom FQDN field that displays.
Include Device's IP Address—The interface whose IP address is included in the certificate request.
Common Name (CN)—The X.500 common name to include in the certificate.

Note

When enrolling a self-signed certificate you must specify the Common Name (CN) in the certificate parameters.
Organization Unit (OU)—The name of the organization unit (for example, a department name) to include in the certificate.
Organization (O)—The organization or company name to include in the certificate.
Locality (L)—The locality to include in the certificate.
State (ST)—The state or province to include in the certificate.
County Code (C)—The country to include in the certificate. These codes conform to ISO 3166 country abbreviations, for example "US" for the United States of America.
Email (E)—The email address to include in the certificate.
Include Device's Serial Number—Whether to include the serial number of the device in the certificate. The CA uses the serial number to either authenticate certificates or to later associate a certificate with a particular device. If you are in doubt, include the serial number, as it is useful for debugging purposes.