Nortel Networks NN46120-104 User Manual
Page 83
>> Groups# /cfg/sys/user
>> User# edit cert_admin
>> User cert_admin# password
Enter admin’s current password: (admin user password)
Enter new password for cert_admin: (cert_admin user password)
Re-enter to confirm: (reconfirm cert_admin user password)
7 Apply the changes.
>> User cert_admin# apply
Changes applied successfully.
8 Let the Certificate Administrator user define an export passphrase.

This step is only necessary if you want to fully separate the Certificate Administrator user role from the Administrator user role. If the admin user is removed from the certadmin group, a Certificate Administrator export passphrase (caphrase) must be defined.

As long as the admin user is a member of the certadmin group (the default configuration), the admin user is prompted for an export passphrase each time a configuration backup that contains private keys is sent to a TFTP/FTP/SCP/SFTP server (command: /cfg/ptcfg). When the admin user is not a member of the certadmin group, the export passphrase defined by the Certificate Administrator is used instead to encrypt private keys in the configuration backup. The encryption of private keys using the export passphrase defined by the Certificate Administrator is performed transparently to the user, without prompting. When the configuration backup is restored, the Certificate Administrator must enter the correct export passphrase.

Note 1: If the export passphrase defined by the Certificate Administrator is lost, configuration backups made by the admin user while he or she was not a member of the certadmin group cannot be restored.

Note 2: When using the /cfg/ptcfg command on an ASA 310-FIPS, private keys are always encrypted using the wrap key that was generated when the first HSM card in the cluster was initialized.

The export passphrase defined by the Certificate Administrator remains the same until changed by using the /cfg/sys/user/caphrase command. For users who are not members of the certadmin group, the caphrase command in the User menu is hidden. Only users who are members of

Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008
Copyright © 2007-2008 Nortel Networks.