
Cisco VPN 3000 User Manual

Administration | Certificate Management
14-35
VPN 3000 Concentrator Series User Guide
specific systems or hosts. There must be at least one identity certificate (and its root certificate) on a
given VPN Concentrator; there may be more than one root certificate.
During IKE (IPSec) Phase 1 authentication, the communicating parties exchange certificate and key
information, and they use the public-key / private-key pairs to generate a hash value; if the hash values
match, the client is authenticated.
The VPN Concentrator supports X.509 digital certificates (International Telecommunications Union
Recommendation X.509), including SSL (Secure Sockets Layer) certificates that are self-signed or
issued in a PKI context.
On the VPN Concentrator, digital certificates are stored as encrypted files in a secure area of flash
memory. They do not require you to click Save Needed to store them, and they are not visible under
Administration | File Management.
After you install a digital certificate on the VPN Concentrator, it is available in the Digital Certificate list
for configuring IPSec LAN-to-LAN connections and IPSec SAs. See Configuration | System | Tunnelling
Protocols | IPSec LAN-to-LAN and Configuration | Policy Management | Traffic Management | Security
Associations.
The VPN Concentrator can have only one SSL certificate installed. If you generate a self-signed SSL
certificate, it replaces any installed PKI-context SSL certificate, and vice versa.
For information on using SSL certificates, see Installing the SSL certificate in your browser in Chapter
1. See also Configuration | System | Management Protocols | HTTP/HTTPS and Telnet, and Configuration | System
| Management Protocols | SSL.
Digital certificates carry a timestamp that determines a time frame for their validity. Therefore, it is
essential that the time on the VPN Concentrator is correct and synchronized with network time. See
Configuration | System | Servers | NTP and Configuration | System | General | Time and Date.
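The following added example (not part of the Cisco guide, and not VPN Concentrator code) shows why the clock matters: it evaluates the validity window of an identity certificate and its root against a device clock and a trusted reference clock. The certificate dates, the `SKEW_TOLERANCE` threshold and all function names are assumptions made for illustration.

```python
import ssl
from collections import namedtuple

SKEW_TOLERANCE = 300  # assumed drift threshold in seconds; not a value from the manual

# Validity bounds are kept in the text form OpenSSL prints for notBefore/notAfter.
Cert = namedtuple("Cert", "name not_before not_after")

def chain_window(chain):
    """A chain is usable only while every certificate in it is valid."""
    start = max(ssl.cert_time_to_seconds(c.not_before) for c in chain)
    end = min(ssl.cert_time_to_seconds(c.not_after) for c in chain)
    return start, end

def status_at(chain, clock):
    """Verdict a device reaches if its clock reads `clock` (epoch seconds)."""
    start, end = chain_window(chain)
    if start > end:
        return "never valid"
    if clock < start:
        return "not yet valid"
    if clock > end:
        return "expired"
    return "valid"

def assess(chain, device_time, reference_time):
    """Compare the device's verdict with the one a trusted time source gives."""
    device = ssl.cert_time_to_seconds(device_time)
    reference = ssl.cert_time_to_seconds(reference_time)
    seen, actual = status_at(chain, device), status_at(chain, reference)
    return {"device_verdict": seen, "actual": actual,
            "drift_seconds": device - reference,
            "clock_suspect": abs(device - reference) > SKEW_TOLERANCE,
            "misjudged": seen != actual}

# Constructed sample data: one identity certificate and its root.
CHAIN = [Cert("root", "Jan 01 00:00:00 2020 GMT", "Jan 01 00:00:00 2030 GMT"),
         Cert("identity", "Jun 01 00:00:00 2023 GMT", "Jun 01 00:00:00 2025 GMT")]

if __name__ == "__main__":
    cases = [("Mar 15 12:00:00 2024 GMT", "Mar 15 12:00:00 2024 GMT"),  # in sync
             ("Jan 01 00:00:00 2000 GMT", "Mar 15 12:00:00 2024 GMT"),  # clock reset
             ("Mar 15 12:00:00 2024 GMT", "Jul 01 00:00:00 2025 GMT")]  # clock stale
    for device_time, reference_time in cases:
        print(device_time, "->", assess(CHAIN, device_time, reference_time))
```

The third case is the one to watch for: a device whose clock lags behind real time still reports an expired certificate as valid.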
Figure 14-33: Administration | Certificate Management screen
