Identifying individual users with certificates, 1 select profiles > users > add user/edit – Panasonic NN46110-600 User Manual

Chapter 3 Using certificates 93

4

Enter the

password

for the UID, then

confirm the password

to verify that

you entered it correctly. If you selected a variation of MS-CHAP V2

authentication, no password is required for the local UID.

Identifying individual users with certificates

An alternative to allowing all users issued by a particular CA to gain access to the
VPN Router is to identify users explicitly by certificate attributes.

To create IPsec certificate credentials:

1

Select

Profiles

>

Users

>

Add User/Edit

.

2

Select a valid issuer

Certificate Authority

from the list. These Certificate

Authorities are configured from the System > Certificates: Generate
Certificate Request window.

3

Enter either the

relative distinguished name

or the

full distinguished name

.

The relative distinguished name is a collection of the following components

that uniquely identify the remote peer in an IPsec certificate environment:

a

Enter the organization with which the user is associated.

b

Enter the organizational unit with which the user is associated.

c

Enter the common name with which the user is associated.

d

Enter the country in which the user resides.

e

Enter the state or province in which the user resides.

f

Enter the locality in which the user resides.

Enter the full distinguished name (FDN) in this field, rather than entering the
individual components in the relative distinguished name fields. A sample

entry follows:

CN=MyName, O=MyCompany, C=US

4

You can optionally enter a

subject alternative name

in place of a subject DN,

and specify the type of the name. The following formats are acceptable:

•

Email name (for example, [email protected])

•

DNS name (for example, gateway.cleveland.company.com)

•

IP address (for example, 192.168.34.21)

Nortel VPN Router Security — Servers, Authentication, and Certificates