
Adding certificates to the nvg – Nortel Networks NN46120-104 User Manual

Page 99


Adding Certificates to the NVG

Using the encryption capabilities of the VPN Gateway requires adding
a key and certificate that conforms to the X.509 standard to the VPN
Gateway. If you have more than one VPN Gateway in a cluster, the
key and certificate need only be added to one of the devices. As with
configuration changes, the information is automatically propagated to all
other devices in the cluster.

Note: When using an ASA 310-FIPS running in FIPS mode, the private key associated with a certificate cannot be imported. All private keys must be generated on the HSM card itself due to the FIPS security requirements.

There are two ways to install a key and certificate into the VPN Gateway:

Copy-and-paste the key/certificate.

Download the key/certificate from a TFTP/FTP/SCP/SFTP server.

The VPN Gateway supports importing certificates and keys in these
formats:

PEM

NET

DER

PKCS7 (certificate only)

PKCS8 (keys only, used in WebLogic)

PKCS12 (also known as PFX)

Besides these formats, keys in the proprietary format used in MS IIS 4
can be imported by the VPN Gateway, as well as keys from Netscape
Enterprise Server or iPlanet Server. Importing keys from Netscape
Enterprise Server or iPlanet Server, however, requires that you first use a
conversion tool. For more information about the conversion tool, contact
Nortel. See "How to Get Help" (page 14) for contact information.

When it comes to exporting certificates and keys from the VPN Gateway,
you can specify to save in the PEM, NET, DER, or PKCS12 format when
using the export command. If you choose to use the display command
(which requires a copy-and-paste operation), you are restricted to saving
certificates and keys in the PEM format only.

Note: When performing a copy-and-paste operation to add a certificate or key, you must always use the PEM format.
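The preparation a practitioner would do before installing a pair, as an added example that is not part of the Nortel guide and does not run on the gateway itself: it uses OpenSSL to produce each import format listed above (PEM, DER, PKCS7, PKCS8, PKCS12) from one PEM key/certificate pair, verifies that the private key actually belongs to the certificate (a mismatched key is the most common cause of a failed import), and confirms that a file really is PEM before it is used with the copy-and-paste method. The hostname, the file names and the PKCS12 passphrase `changeit` are placeholders, and the self-signed pair stands in for one issued by your CA. On an ASA 310-FIPS in FIPS mode the key-generation step does not apply, since the key must be created on the HSM and cannot be imported.

```shell
#!/usr/bin/env bash
# Added example (not from the Nortel guide). Requires the openssl CLI.
# Hostname, file names and the PKCS12 passphrase are placeholders.
set -eu

# Generate a throwaway self-signed RSA pair into directory $1 (key.pem, cert.pem).
# In production the certificate comes from your CA; on an ASA 310-FIPS in FIPS
# mode the key must be generated on the HSM instead, so this step does not apply.
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vpn.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Convert the PEM pair in $1 into the other formats the gateway can import:
# cert.der, key.der (DER), cert.p7b (PKCS7, certificate only),
# key.p8 (PKCS8, key only) and bundle.p12 (PKCS12/PFX, key plus certificate).
convert_formats() {
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/cert.der"
    openssl rsa  -in "$1/key.pem"  -outform DER -out "$1/key.der" 2>/dev/null
    openssl crl2pkcs7 -nocrl -certfile "$1/cert.pem" -out "$1/cert.p7b"
    openssl pkcs8 -topk8 -nocrypt -in "$1/key.pem" -out "$1/key.p8"
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout pass:changeit -out "$1/bundle.p12"
}

# Unpack a PKCS12 bundle ($1) back into PEM files in $2, the form you would
# paste into the gateway: key_from_p12.pem and cert_from_p12.pem.
pkcs12_to_pem() {
    openssl pkcs12 -in "$1" -passin pass:changeit -nocerts -nodes \
        -out "$2/key_from_p12.pem" 2>/dev/null
    openssl pkcs12 -in "$1" -passin pass:changeit -nokeys \
        -out "$2/cert_from_p12.pem" 2>/dev/null
}

# SHA-256 fingerprint of a certificate file; $2 selects PEM (default) or DER.
cert_fingerprint() {
    openssl x509 -in "$1" -inform "${2:-PEM}" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the (first) certificate inside a PKCS7 file.
pkcs7_cert_fingerprint() {
    openssl pkcs7 -in "$1" -print_certs | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the public half of private key $1 equals the certificate's
# public key ($2). Both sides are compared as SubjectPublicKeyInfo digests.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}')
    c=$(openssl x509 -in "$2" -pubkey -noout | openssl dgst -sha256 | awk '{print $NF}')
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Sanity check for the copy-and-paste path, which accepts PEM only: the file
# must carry a PEM header and must not contain CR characters, which a pasted
# Windows-style file would carry into the CLI.
is_pem() {
    grep -q -- '-----BEGIN ' "$1" && ! grep -q "$(printf '\r')" "$1"
}

# Demonstration run on a temporary directory.
work=$(mktemp -d)
make_test_pair "$work"
convert_formats "$work"
pkcs12_to_pem "$work/bundle.p12" "$work"
key_matches_cert "$work/key.pem" "$work/cert.pem" && echo "key and certificate match"
is_pem "$work/cert.pem" && echo "cert.pem is ready for copy-and-paste"
is_pem "$work/cert.der" || echo "cert.der is not PEM: use the TFTP/FTP/SCP/SFTP download path for DER"
echo "certificate fingerprint: $(cert_fingerprint "$work/cert.pem")"
rm -rf "$work"
```

The binary formats (DER, PKCS12) can only be installed through the server download path; for the copy-and-paste path run the PKCS12 through `pkcs12_to_pem` first and paste the resulting PEM blocks. Because `key_matches_cert` compares the public keys rather than file contents, it works across formats, so it can also confirm that a key recovered from a PKCS12 bundle is the one the certificate was issued for.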

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks
