Vpn security using digital certificates, Setting up public key infrastructure (pki), Ca and x.509 certificates – Panasonic NN46110-600 User Manual
Chapter 3 Using certificates 75
VPN security using digital certificates
You can use X.509 certificates to authenticate IPsec tunnels and L2TP/IPsec tunnels. The VPN Router supports RSA digital signature authentication for the IPsec IKE key management protocol. Remote users can authenticate themselves to the VPN Router using a public key pair and a certificate as credentials. The VPN Router uses its own key pair and certificate to authenticate the VPN Router to the user. The VPN Router must explicitly import and trust the CA certificate that issued the certificate to the tunnel initiator.
Setting up public key infrastructure (PKI)
A PKI issues and manages certificates for both network hosts and end users. An important decision about the design of a PKI is how to implement CA services. You can use commercially available products from a vendor such as Entrust, where the CA resides in your facility and is operated by you.
CA and X.509 certificates
The CA issues and revokes certificates within a PKI. The CA ensures certificates are valid by signing each certificate with its own digital signature. A copy of all signed certificates is stored in a publicly accessible certificate repository. Certificate users use this repository to verify that other users' certificates are valid.
Loading certificates
You must install two types of certificate in the VPN Router: server certificates and trusted CA certificates. Server certificates are certificates that the VPN Router requests for itself, and uses to prove its identity to connecting tunnels. Trusted CA certificates are the certificates of the CAs that issue end user or branch office tunnel certificates, and are imported by the VPN Router to establish a common trust.

You can request server certificates either manually (using cut and paste of PKCS #10 requests and PKCS #7 responses) or automatically with Certificate Management Protocol (CMP) support.
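The following script is an added example, not part of the Nortel manual, that walks through the trust model described above with the openssl command line: a CA signs a server certificate requested as a PKCS #10 CSR and returned as a PKCS #7 bundle, and a peer accepts that certificate only when it has imported the issuing CA's certificate. The CA and host names (corp-ca, other-ca, vpn-router) are constructed for the example.

```shell
#!/bin/sh
# Added example (not the manual's own procedure): manual certificate enrollment
# and chain verification with openssl. All names below are constructed.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA certificate: the "trusted CA certificate" a router imports.
make_ca() {   # $1 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "/CN=$1" >/dev/null 2>&1
}

# Server side: generate a key pair and a PKCS #10 request (the text cut-and-pasted to the CA).
make_csr() {  # $1 = server name
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "/CN=$1" >/dev/null 2>&1
}

# CA side: sign the request and return the certificate as a PKCS #7 bundle.
sign_csr() {  # $1 = CA name, $2 = server name
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 90 -out "$WORK/$2.crt" >/dev/null 2>&1
  openssl crl2pkcs7 -nocrl -certfile "$WORK/$2.crt" -out "$WORK/$2.p7b"
}

# Peer side: unpack the PKCS #7 bundle and verify the certificate against the one CA
# this peer trusts. Exit status 0 means the chain ends at that trusted CA.
verify_against() {  # $1 = trusted CA name, $2 = server name
  openssl pkcs7 -in "$WORK/$2.p7b" -print_certs -out "$WORK/$2.from_p7.crt"
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.from_p7.crt" >/dev/null 2>&1
}

make_ca corp-ca            # the CA the router will import and trust
make_ca other-ca           # an unrelated CA the router never imported
make_csr vpn-router
sign_csr corp-ca vpn-router
verify_against corp-ca vpn-router && echo "accepted: issued by the imported CA"
verify_against other-ca vpn-router || echo "rejected: issuing CA was not imported"
```

The second verification fails even though the server certificate is well formed, which is the point of the "explicitly import and trust the CA certificate" requirement: without the issuer in the trust store there is no chain to validate.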
Nortel VPN Router Security — Servers, Authentication, and Certificates