70 Chapter 3 Using certificates
311644-J Rev 00
Configuring Contivity VPN Client for MS stored certificates
You can use the Connection Wizard from the Contivity VPN Client to configure
the client connection to use Microsoft stored certificates. You can also configure
MS stored certificates by selecting Options > Authentication.
1 Double-click on the Contivity VPN Client icon.
The Contivity VPN Client screen appears.
2 Select File > Connection Wizard.
The New Connection Profile screen appears.
3 Enter a name and description, then click on Next.
The Authentication Type screen appears.
4 Select Digital Certificate; then click on Next.
The Digital Certificate Type screen appears.
5 Select Microsoft Stored Certificate; then click on Next.
The Microsoft Certificate Store screen appears. By default, this screen lists all
of the certificates available, including the key usage field for the certificate. If
you check the “Display Only Signature Certificate” box, only the digital
signature is displayed.
Server certificate CRL checking
MS CAPI support on the Contivity VPN client provides checking the revocation
status of the server certificate. The client always checks for a CRL upon
connection.
If you receive a message indicating that the server certificate used for mutual
authentication has been revoked or cannot be validated, it indicates that the server
certificate has actually been revoked or the CRL distribution point is inaccessible,
as defined in the CRL distribution point extension of the server’s X.509
certificate.
To Next Page
Loading...