Certificates and client authentication – Nortel Networks NN46120-104 User Manual
Certificates and Client Authentication
This chapter describes common tasks involving certificates and
client authentication. The chapter also provides detailed step-by-step
instructions for generating certificate signing requests, adding certificates
to the Nortel VPN Gateway (NVG), generating and revoking client
certificates, as well as configuring the VPN Gateway to require client
certificates.
The VPN Gateway supports importing certificates in the PEM, NET, DER,
PKCS7, and PKCS12 formats. The certificates must conform to the
X.509 standard. You can create a new certificate, or use an existing
certificate. The VPN Gateway supports using up to 1500 certificates. The
basic steps to create a new certificate using the command line interface of
the VPN Gateway are:
• Generate a Certificate Signing Request (CSR) and send it to a
Certificate Authority (CA, such as Entrust or VeriSign) for certification.
• Add the signed certificate to the VPN Gateway.
Note:
Even though the VPN Gateway supports keys and certificates
created by using Apache-SSL, OpenSSL, or Stronghold SSL, the
preferred method from a security point of view is to create keys and
generate certificate signing requests from within the VPN Gateway by
using the command line interface. This way, the encrypted private key
never leaves the VPN Gateway, and is invisible to the user.
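The following is an added example, not part of the Nortel manual and not VPN Gateway CLI: a pre-import check, run with the OpenSSL command line on an administrator workstation, that the certificate returned by the CA is a readable X.509 certificate in PEM or DER encoding and carries the same public key as the CSR that was submitted. The function names, file names and subject names are hypothetical, and the key, CSR and self-signed certificate are constructed throwaway samples standing in for CA output.

```shell
#!/bin/sh
# Added example (not from the manual). All file and host names are hypothetical.

# Report how a certificate file is encoded: PEM, DER, or unknown.
cert_format() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
       openssl x509 -in "$1" -inform PEM -noout 2>/dev/null; then
        echo PEM
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo DER
    else
        echo unknown
    fi
}

# Usage: cert_matches_csr <certificate> <csr.pem>
# Returns 0 if the certificate holds the CSR's public key, 1 if the keys
# differ, 2 if either file cannot be parsed.
cert_matches_csr() {
    fmt=$(cert_format "$1")
    [ "$fmt" != unknown ] || return 2
    cert_key=$(openssl x509 -in "$1" -inform "$fmt" -noout -pubkey 2>/dev/null) || return 2
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    # An empty key must never count as a match.
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Build constructed sample material in directory $1. The self-signed
# certificate stands in for the certificate a CA would return.
make_samples() {
    dir=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
        -keyout "$dir/gw.key" -out "$dir/gw.csr" 2>/dev/null
    openssl x509 -req -in "$dir/gw.csr" -signkey "$dir/gw.key" -days 1 \
        -out "$dir/gw.pem" 2>/dev/null
    openssl x509 -in "$dir/gw.pem" -outform DER -out "$dir/gw.der"
    # A second, unrelated CSR for the mismatch case.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=other.example.test" \
        -keyout "$dir/other.key" -out "$dir/other.csr" 2>/dev/null
}

# Demonstration on the constructed samples.
tmp=$(mktemp -d) && make_samples "$tmp"
cert_matches_csr "$tmp/gw.der" "$tmp/gw.csr" && echo "certificate matches CSR"
cert_matches_csr "$tmp/gw.pem" "$tmp/other.csr" || echo "certificate does not match other CSR"
rm -rf "$tmp"
```

When the CSR is generated on the VPN Gateway itself, as the note above prefers, only the CSR and the returned certificate are needed for this check; the private key is not.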
Nortel VPN Gateway
User Guide
NN46120-104
02.01
Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks