Nortel Networks NN46120-104 User Manual
Page 113
Create a New Certificate
By saving the certificate, you can later easily access the
certificate by specifying the assigned index number at the cert
prompt. After having specified the assigned index number, you
can use the display or export command to prepare for the
transfer of the client certificate to the subject. To view basic
information about all saved certificates, use the /info/certs
command.
If you choose to not save the client certificate, you will need to
save the private key and the certificate to a file by performing a
copy-and-paste operation to a text editor. The private key and
the certificate are displayed on screen as soon as you reconfirm
the chosen password phrase. The private key and the certificate
are combined and saved in the PEM format when using a
copy-and-paste operation.
The requested pass phrase is a word or code that you need to
define. The pass phrase protects the encrypted key against
illegitimate use. When the intended user installs the client
certificate into a Web browser or e-mail client, the correct pass
phrase (which you defined) is required to unlock the certificate.
5. Verify that the certificate you used for generating the client
certificate is specified as a CA certificate for the appropriate
virtual SSL server.
>> Main# cfg/ssl/server
Enter virtual server number: (1-) 1
>> Server 1# ssl
>> SSL Settings# cacerts
Current value: 1
Enter certificate numbers (separated by comma):
To successfully validate the client certificate on authentication,
you need to verify that the certificate you used for generating
the client certificate is also specified as a CA certificate for the
appropriate virtual SSL server. In the preceding sample screen
output, the certificate has already been defined as a CA
certificate. This is observable by the line Current value: 1,
where number 1 is the index number of the certificate that was
used when generating the client certificate. If the certificate
index number representing the certificate you used when
generating client certificates is not listed by Current value:,
type the certificate index number and apply your changes.
If the correct certificate index number is already listed by
Current value:, press ENTER and answer no when asked whether
you want to clear the list.
--End--
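A check that can be run on the text saved by the copy-and-paste operation described above, added here as an example and not taken from the Nortel manual: it confirms that the file holds exactly one private key and one certificate in intact PEM blocks and that the key is pass-phrase protected. The function names and the sample data are constructed, and it is an assumption that the key appears either as a traditional encrypted PEM key (Proc-Type header) or as a PKCS#8 ENCRYPTED PRIVATE KEY block; the manual does not say which form the gateway prints.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, optional "Name: value" headers, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem_bundle(text):
    """Check a pasted private-key + certificate bundle before handing it on."""
    keys, certs, unprotected, problems = 0, 0, 0, []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]   # base64 never contains ':'
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except binascii.Error:
            problems.append(f"{label}: base64 body damaged (bad paste?)")
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            legacy_enc = any(h.startswith("Proc-Type:") and "ENCRYPTED" in h
                             for h in headers)
            if label != "ENCRYPTED PRIVATE KEY" and not legacy_enc:
                unprotected += 1
    if (keys, certs) != (1, 1):
        problems.append(f"expected 1 key and 1 certificate, found {keys} and {certs}")
    if unprotected:
        problems.append("private key is not protected by a pass phrase")
    return {"keys": keys, "certs": certs, "problems": problems}

def make_block(label, headers=""):
    # Constructed filler bytes, not real key or certificate material.
    body = base64.encodebytes(b"constructed sample, not real DER " * 4).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"

ENC_HEADERS = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0011223344556677\n\n"
GOOD = make_block("RSA PRIVATE KEY", ENC_HEADERS) + make_block("CERTIFICATE")
TRUNCATED = GOOD[:-60]   # paste that lost the end of the certificate block
PLAINTEXT_KEY = make_block("RSA PRIVATE KEY") + make_block("CERTIFICATE")

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("truncated", TRUNCATED),
                         ("plaintext key", PLAINTEXT_KEY)]:
        print(name, inspect_pem_bundle(sample))
```
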
Nortel VPN Gateway User Guide
NN46120-104 02.01 Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks.