User Interface
R&S®GP-E/GP-S User Manual v16.2.1 ─ 01 (page 124)
Field: "Subject Alternative Name (SAN)"
Description: Optional: Enter as many custom subject alternative names as you like for the certificate for specific usage and select the appropriate types from the drop-down list. Available types are: E-Mail, DNS, DirName, URI and IPv4. Click "Add" to put a subject alternative name on the list. You can edit or delete each single entry in the list by clicking the appropriate button next to an entry. For further information, see Chapter 3.2, "Icons and Buttons", on page 21.
Note: If you edit a subject alternative name, a check mark appears on the right of the entry. You have to click the check mark before being able to save the settings of the certificate.

Field: "OCSP"
Description: Optional and only available for CAs: Select the checkbox to activate validation via OCSP (Online Certificate Status Protocol) for the CA and its subcertificates. For more information, see Chapter 3.4.8.3, "OCSP/CRL Settings", on page 126.

Field: "CRL"
Description: Optional and only available for CAs: Select the checkbox to activate validation via CRL (Certificate Revocation List) for the CA and its subcertificates. For more information, see Chapter 3.4.8.3, "OCSP/CRL Settings", on page 126.

Field: "Addresses for OCSP Responder/CRL Download"
Description: Optional and only available for CAs: Define base URLs for OCSP and CRL by entering a URL and clicking "Add". The actual URLs for the certificates are built from the base URL (protocol://hostname/) and are appended with ocsp/<id-of-the-ca> for OCSP URLs and with /crls/<id-of-the-ca>.crl for the CRL download URL. The base URL has to point to the firewall or to any host providing the CRL (when the CRL is mirrored).
You can edit or delete an entry in the list by clicking the appropriate button next to the entry. For further information, see Chapter 3.2, "Icons and Buttons", on page 21.
Note: If you edit a URL, a check mark appears on the right of the entry. You have to click the check mark before being able to save the settings of the certificate.
To activate the OCSP and CRL services, see Chapter 3.4.8.3, "OCSP/CRL Settings", on page 126.
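
The following is an added example, not part of the manual or the product: it derives the OCSP and CRL URLs from a configured base URL as described above and checks them against the revocation URLs found in the text output of `openssl x509 -noout -text` for an issued certificate. It assumes the URLs appear in the certificate's CRL Distribution Points and Authority Information Access extensions and that a trailing slash on the base URL is dropped before joining; the host names, the CA id `3` and the sample output are constructed.

```python
import re
from urllib.parse import urlsplit

def expected_urls(base_url, ca_id):
    """Build the OCSP and CRL URLs for one base URL and CA id."""
    parts = urlsplit(base_url)
    if not parts.scheme or not parts.hostname:
        raise ValueError(f"not a protocol://hostname/ base URL: {base_url!r}")
    root = base_url.rstrip("/")  # assumption: avoid '//' when joining
    return {"ocsp": f"{root}/ocsp/{ca_id}", "crl": f"{root}/crls/{ca_id}.crl"}

def urls_in_cert_text(text):
    """Extract revocation URLs from `openssl x509 -noout -text` output."""
    found = {"ocsp": set(re.findall(r"OCSP - URI:(\S+)", text)), "crl": set()}
    in_cdp = False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("X509v3 CRL Distribution Points"):
            in_cdp = True
        elif s.startswith(("X509v3 ", "Authority Information Access",
                           "Signature Algorithm")):
            in_cdp = False  # another extension started; SAN URIs are skipped
        elif in_cdp and s.startswith("URI:"):
            found["crl"].add(s[4:])
    return found

def check_cert(text, base_urls, ca_id):
    """List (kind, problem, url) for URLs that differ from the configuration."""
    found, findings = urls_in_cert_text(text), []
    for kind in ("ocsp", "crl"):
        want = {expected_urls(b, ca_id)[kind] for b in base_urls}
        findings += [(kind, "unexpected", u) for u in sorted(found[kind] - want)]
        findings += [(kind, "missing", u) for u in sorted(want - found[kind])]
    return findings

# Constructed sample of openssl text output (not taken from a real certificate).
SAMPLE = """\
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                URI:https://vpn.example.test/portal, DNS:vpn.example.test
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://fw.example.test/crls/3.crl
                Full Name:
                  URI:http://old-mirror.example.test/crls/3.crl
            Authority Information Access:
                OCSP - URI:http://fw.example.test/ocsp/3
    Signature Algorithm: sha256WithRSAEncryption
"""

if __name__ == "__main__":
    for finding in check_cert(SAMPLE, ["http://fw.example.test/"], "3"):
        print(finding)
```

An "unexpected" finding means the certificate points clients at a revocation host that is no longer in the configured list, so that host must keep serving a current CRL or the certificate has to be reissued.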
The buttons at the bottom right of the editor panel allow you to "Create" a new certificate and to add it to the list of available certificates or to reject ("Cancel") the creation of the new certificate.
Types of Certificates
gateprotect Firewall offers various certificate types to choose from when creating a certificate.
Certificate type: Certificate Authority
Description: Creates a certificate authority that can sign subordinate CAs and client certificates for authentication and VPN.

Certificate type: Subordinate Certificate Authority
Description: Creates a subordinate CA that can be used to sign authentication and VPN certificates. A parent CA of the kind Certificate Authority has to be selected.

Certificate type: Certificate Authority Without Subordinate Certificate Authorities
Description: Creates a certificate authority that can directly sign authentication and VPN certificates. No subordinate authorities can be attached. This CA can become a subordinate authority itself by exporting a signing request and reimporting the newly signed public certificate, thus signing it externally.
Menu Reference