beautypg.com

Nortel Networks NN46120-104 User Manual

Page 113

background image

Create a New Certificate

113

By saving the certificate, you can later easily access the
certificate by specifying the assigned index number at the

cert

prompt. After having specified the assigned index number, you
can use the

display

or

export

command to prepare for the

transfer of the client certificate to the subject. To view basic
information about all saved certificates, use the

/info/certs

command.

If you choose to not save the client certificate, you will need to
save the private key and the certificate to a file by performing a
copy-and-paste operation to a text editor. The private key and
the certificate are displayed on screen as soon as you reconfirm
the chosen password phrase. The private key and the certificate
are combined and saved in the PEM format when using a
copy-and-paste operation.

The requested pass phrase is a word or code that you need to
define. The pass phrase protects the encrypted key against
illegitimate use. When the intended user installs the client
certificate into a Web browser or e-mail client, the correct pass
phrase (which you defined) is required to unlock the certificate.

5

Verify that the certificate you used for generating the client
certificate is specified as a CA certificate for the appropriate
virtual SSL server.

>> Main# cfg/ssl/server

Enter virtual server number:

(1-) 1

>> Server 1# ssl

>> SSL Settings# cacerts

Current value:

1

Enter certificate numbers (separated by comma):

To successfully validate the client certificate on authentication,
you need to verify that the certificate you used for generating
the client certificate is also specified as a CA certificate for the
appropriate virtual SSL server. In the sample screen preceding
output, the certificate has already been defined as a CA
certificate. This is observable by the line

Current value:

1,

where number 1 is the index number

of the certificate that was used when generating the client
certificate. If the certificate index number representing the
certificate you used when generating client certificates is not
listed by

Current value

:, type the certificate index number and

apply your changes.

If the correct certificate index number is already listed by

Current value

:, press ENTER and answer no to the question

if you want to clear the list.

--End--

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.