Nortel Networks NN46120-104 User Manual
Page 111
Create a New Certificate
To view basic information about all available certificates, use the /info/certs command.
Note: Only certificates having the basic constraint CA:TRUE can be used for generating client certificates. When generating a client certificate, the VPN Gateway automatically checks that the current certificate has this constraint. To perform this check yourself, use the /cfg/cert #/show command and look for lines containing the text X509v3 Basic Constraints:CA:TRUE|FALSE in the screen output.
2. When prompted, provide the following information to include in the client certificate:
Note that you do not have to complete all fields. Only one of Common Name and E-mail Address is strictly required.
• Country Name (2 letter code): The two-letter ISO code for the country in which the subject resides. The subject is the person for whom the client certificate is created. For current information about ISO country codes, visit for example
• State or Province Name (full name): The full name of the state or province in which the subject resides.
• Locality Name (for example, city): The name of the city or town where the subject resides.
• Organization Name (for example, company): The registered name of the organization to which the subject belongs. Do not abbreviate the organization name and do not use the following characters: < > ~ ! @ # $ % ^ * / \ ( ) ?
• Organizational Unit Name (for example, section): The unit name of the organization to which the subject belongs.
• Common Name (for example, the subject’s name): The full name of the subject.
• E-mail Address: The full e-mail address of the subject.
• Subject alternative name: Comma-separated list of URI: DNS:
Example: URI:http://www.example.com,email:john@example.com,IP:10.1.2.3
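As an added example (not taken from the Nortel manual or the VPN Gateway software), the following Python code checks subject values against the rules listed in step 2 before they are typed at the prompts. The dictionary keys, the function names and the set of accepted SAN prefixes (limited to the prefixes visible on this page) are assumptions.

```python
import ipaddress
import re

# Characters the manual says must not appear in Organization Name.
FORBIDDEN_ORG_CHARS = set('<>~!@#$%^*/\\()?')
# SAN prefixes that appear on the manual page (assumed complete for this check).
SAN_TYPES = {"URI", "DNS", "email", "IP"}


def parse_san(san):
    """Split a comma-separated SAN string into (type, value) pairs, validating each."""
    entries = []
    for item in filter(None, (p.strip() for p in san.split(","))):
        kind, sep, value = item.partition(":")
        if not sep or kind not in SAN_TYPES or not value:
            raise ValueError(f"bad SAN entry: {item!r}")
        if kind == "IP":
            ipaddress.ip_address(value)  # raises ValueError on a malformed address
        elif kind == "email" and not re.fullmatch(r"[^@\s]+@[^@\s]+", value):
            raise ValueError(f"bad SAN e-mail: {value!r}")
        elif kind == "URI" and "://" not in value:
            raise ValueError(f"bad SAN URI: {value!r}")
        entries.append((kind, value))
    return entries


def check_subject(fields):
    """Return a list of problems with the subject fields; empty means acceptable."""
    problems = []
    country = fields.get("country", "")
    if country and not re.fullmatch(r"[A-Za-z]{2}", country):
        problems.append("country must be a two-letter ISO code")
    bad = sorted(FORBIDDEN_ORG_CHARS & set(fields.get("organization", "")))
    if bad:
        problems.append("organization contains forbidden characters: " + " ".join(bad))
    if not (fields.get("common_name") or fields.get("email")):
        problems.append("one of Common Name and E-mail Address is required")
    try:
        parse_san(fields.get("san", ""))
    except ValueError as exc:
        problems.append(str(exc))
    return problems


# Constructed sample input; the SAN value is the example from the manual.
SAMPLE = {"country": "US", "organization": "Example Corp", "common_name": "John Doe",
          "san": "URI:http://www.example.com,email:john@example.com,IP:10.1.2.3"}

if __name__ == "__main__":
    print(check_subject(SAMPLE) or "subject fields OK")
```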
3. Specify the validity period, key size, and serial number.
After having provided information about the subject, you are now ready to specify information relating to the client certificate itself.
Decide how many days the client certificate should be valid. By default, each new client certificate is set to be valid for 365 days.
Also decide which key size should be used. The default key
Nortel VPN Gateway
User Guide
NN46120-104
02.01
Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks.