Installing the ssl certificate in your browser – Cisco VPN 3002 User Manual
Page 19
1-3
VPN 3002 Hardware Client Reference
OL-1893-01
Chapter 1 Using the VPN 3002 Hardware Client Manager
Installing the SSL Certificate in Your Browser
Figure 1-1
VPN 3002 Hardware Client Manager Login Screen
To continue using HTTP for the whole session, skip to “
Logging into the VPN 3002 Hardware Client
.”
Installing the SSL Certificate in Your Browser
The Manager provides the option of using HTTP over SSL with the browser. SSL creates a secure
session between your browser (VPN 3002 hardware client) and the VPN Concentrator (server). This
protocol is known as HTTPS, and uses the https:/
/
prefix to connect to the server. The browser first
authenticates the server, then encrypts all data passed during the session.
HTTPS is often confused with a similar protocol, S-HTTP (Secure HTTP), which encrypts only HTTP
application-level data. SSL encrypts all data between client and server at the IP socket level, and is thus
more secure.
SSL uses digital certificates for authentication. The VPN 3002 creates a self-signed SSL server
certificate when it boots, and this certificate must be installed in the browser. Once the certificate is
installed, you can connect using HTTPS. You need to install the certificate from a given VPN 3002 only
once.
Managing the VPN 3002 is the same with or without SSL. Manager screens might take slightly longer
to load with SSL because of encryption/decryption processing. When connected via SSL, the browser
shows a locked-padlock icon on its status bar. Both Microsoft Internet Explorer and Netscape Navigator
support SSL.
For HTTPS to work on the public interface, you must enable HTTPS on the VPN 3002 through the
command-line interface or from an HTTP session on the private interface first.