Chapter 3 Using certificates 67
Configuring the Contivity VPN Client
Microsoft CA digital certificate generation
There are two methods for requesting and retrieving a digital certificate from the
Microsoft CA:
• A digital certificate can be created on the trusted CA system and distributed
through PKCS #12 BER-encoded messages or files.
• A digital certificate can be requested from the client system itself, if the
trusted CA is accessible from the client making the request through an MS
Internet Explorer browser.
The steps needed to create the actual digital certificate request (PKCS #10) are
always the same no matter how you make the request. The difference is where the
private key material is created and, more importantly, stored.
When you make the digital certificate request from the client, the private key
material is generated and stored locally. The PKCS #10 message does not contain
private key material. Generally a user wants to keep all private key information
and key material private and protected. The digital certificate is then retrieved as a
PKCS #7 message and imported into the MS-CAPI store through the Internet
Explorer browser, or the Internet options CertMgr tool.
When you request a digital certificate from the system housing the Microsoft CA,
the private key material is generated and stored locally, on the CA system.
Therefore the CA can generate a PKCS #12 message that is a password-protected
BER-encoded message. The resulting PKCS #12 message contains public/private
key material as well as the associated digital certificate. The PKCS #12 message
can then be distributed to certificate holders in a secure manner and can then be
imported into the MS-CAPI store on the local client system.
It is easier to make the request from the client and import the resulting certificate there.
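The two paths above differ only in where the private key lives. The following added example (not from the Contivity manual, and using openssl in place of the Microsoft CA and MS-CAPI tooling) reproduces both: a client-side PKCS #10 request that carries no private key, and a CA-side PKCS #12 bundle that carries the key and is protected by a password. The subject name, passphrase and the self-signed stand-in certificate are constructed for the demo.

```shell
#!/bin/sh
# Added example: show where the private key ends up in each request path.
# Assumes openssl is on PATH; all files live in a scratch directory.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS='constructed-demo-passphrase'   # constructed sample value, not a real secret

# Path 1: request made from the client. Key pair and PKCS #10 CSR are created
# locally; only the CSR (public key, subject, proof-of-possession signature)
# would be submitted to the CA.
make_client_request() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/client.key" \
    -subj '/CN=vpn-user-example/O=Example' -out "$WORK/client.csr" 2>/dev/null
}

# Returns 0 when the CSR contains no private-key material (no PRIVATE KEY PEM block).
csr_has_no_private_key() {
  ! grep -q 'PRIVATE KEY' "$WORK/client.csr"
}

# Path 2: key pair generated on the CA side, so the CA can hand out key + cert as
# a password-protected PKCS #12. A throwaway self-signed certificate stands in
# for the CA-issued one (constructed for the demo).
make_ca_side_bundle() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$WORK/ca-side.key" \
    -subj '/CN=vpn-user-example/O=Example' -out "$WORK/ca-side.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$WORK/ca-side.key" -in "$WORK/ca-side.crt" \
    -out "$WORK/ca-side.p12" -passout "pass:$PASS"
}

# Returns 0 when the bundle opens with the right password and rejects a wrong one.
p12_requires_password() {
  openssl pkcs12 -in "$WORK/ca-side.p12" -noout -passin "pass:$PASS" 2>/dev/null &&
  ! openssl pkcs12 -in "$WORK/ca-side.p12" -noout -passin 'pass:wrong' 2>/dev/null
}

# Returns 0 when the PKCS #12 really carries the private key, which is why this
# path needs a protected distribution channel.
p12_contains_private_key() {
  openssl pkcs12 -in "$WORK/ca-side.p12" -nocerts -nodes -passin "pass:$PASS" 2>/dev/null |
    grep -q 'PRIVATE KEY'
}
```

Run the four functions in order to see that the CSR never leaves private key material behind, while the PKCS #12 does and therefore depends on its passphrase.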
Steps from browser running on client system or CA system
1 Attach to your CA through your browser.
2 Select Request a certificate.
3 Select Advanced request.
4 Select Submit a certificate request to this CA using a form.