Adding certificates to the nvg – Nortel Networks NN46120-104 User Manual
Page 99
Adding Certificates to the NVG
Using the encryption capabilities of the VPN Gateway requires adding
a key and certificate that conform to the X.509 standard to the VPN
Gateway. If you have more than one VPN Gateway in a cluster, the
key and certificate need only be added to one of the devices. As with
configuration changes, the information is automatically propagated to all
other devices in the cluster.
Note:
When using an ASA 310-FIPS running in FIPS mode, the private
key associated with a certificate cannot be imported. All private keys
must be generated on the HSM card itself due to the FIPS security
requirements.
There are two ways to install a key and certificate into the VPN Gateway:
• Copy-and-paste the key/certificate.
• Download the key/certificate from a TFTP/FTP/SCP/SFTP server.
The VPN Gateway supports importing certificates and keys in these
formats:
• PEM
• NET
• DER
• PKCS7 (certificate only)
• PKCS8 (keys only, used in WebLogic)
• PKCS12 (also known as PFX)
Besides these formats, keys in the proprietary format used in MS IIS 4
can be imported by the VPN Gateway, as well as keys from Netscape
Enterprise Server or iPlanet Server. Importing keys from Netscape
Enterprise Server or iPlanet Server, however, requires that you first use a
conversion tool. For more information about the conversion tool, contact
Nortel. See
for contact information.
When it comes to exporting certificates and keys from the VPN Gateway,
you can specify to save in the PEM, NET, DER, or PKCS12 format when
using the export command. If you choose to use the display command
(which requires a copy-and-paste operation), you are restricted to saving
certificates and keys in the PEM format only.
Note:
When performing a copy-and-paste operation to add a certificate
or key, you must always use the PEM format.
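A pre-paste check for the PEM requirement above, added here as an example (it is not from the Nortel manual and uses no gateway commands): it tells PEM text from binary DER, lists the PEM blocks it finds, and wraps DER bytes in PEM armor. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# PEM armor: BEGIN/END lines around the base64 of the DER bytes (RFC 7468).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

# Constructed sample: a valid DER SEQUENCE holding a 128-byte OCTET STRING.
# It is NOT a real certificate; it only stands in for binary DER input.
SAMPLE_DER = b"\x30\x81\x83" + b"\x04\x81\x80" + bytes(128)


def der_to_pem(der: bytes, label: str) -> str:
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def inspect_paste(blob: bytes) -> list:
    """Return (label, der_length, is_private_key) per PEM block.

    Raises ValueError when the blob is not usable as a PEM paste.
    """
    if b"-----BEGIN " not in blob:
        # Certificates and keys in DER all start with an ASN.1 SEQUENCE (0x30).
        hint = "looks like binary DER" if blob[:1] == b"\x30" else "unknown format"
        raise ValueError(f"not PEM ({hint}); convert to PEM before pasting")
    blocks = []
    for label, body in PEM_BLOCK.findall(blob.decode("ascii", "replace")):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys carry "Proc-Type:"/"DEK-Info:" header lines.
        encrypted = any(":" in ln for ln in lines)
        der = base64.b64decode("".join(ln for ln in lines if ":" not in ln),
                               validate=True)
        if not encrypted and der[:1] != b"\x30":
            raise ValueError(f"{label}: decoded body is not an ASN.1 SEQUENCE")
        blocks.append((label, len(der), "PRIVATE KEY" in label))
    if not blocks:
        raise ValueError("BEGIN marker found but no complete PEM block")
    return blocks


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER, "CERTIFICATE")
    print(pem, inspect_paste(pem.encode("ascii")))
```

A block whose label contains PRIVATE KEY is flagged so that you know the paste carries key material and not only a certificate.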
Nortel VPN Gateway User Guide, NN46120-104, 02.01, Standard, 14 April 2008
Copyright © 2007-2008 Nortel Networks.