Crl retrieval, Enabling certificate use for tunnels, 2 enable rsa digital signature – Panasonic NN46110-600 User Manual

92 Chapter 3 Using certificates

CRL retrieval

All CRL records are retrieved periodically. When CRL records are updated is a
configured interval. Each CRL record has a next update time set to determine if

the CRL record is stale. If the CRL record is stale, it is refreshed from CA LDAP.

Enabling certificate use for tunnels

For IPsec, you must enable RSA digital signature support for any default groups

associated with CAs, and the groups containing any specific instances of users

who are doing certificate-based authentication.

To enable RSA digital signature support:

1

Select

Profiles > Groups > Edit > IPsec > Configure

.

2

Enable

RSA Digital Signature

.

3

Select the appropriate

Default Server Certificate

from the list. This

certificate is sent to clients to authenticate the VPN Router’s identity. Issue

this server certificate from the same CA PKI that issued the remote access

clients' certificates.

4

Click

OK

.

For L2TP/IPsec authentication:

1

From the list, select the

authentication method

that you want to use for the

branch office connection.

Note: When you change the authentication type, the window
immediately changes to reflect the requirements of the new

authentication method. Any changes that you made on the

Authentication portion of the previous window are lost.

2

Enter the

local UID

. This is the user ID of the local VPN Router that you are

configuring.

3

Enter the

peer UID

. This is the user ID of the remote VPN Router that you are

configuring.

NN46110-600