
Uploading certificates – Amer Networks E5Web GUI User Manual


Identification Lists

In addition to verifying the signatures of certificates, cOS Core also employs identification lists.
An identification list is a list naming all the remote identities that are allowed access through a
specific VPN tunnel, provided the certificate validation procedure described above succeeded.

Reusing Root Certificates

In cOS Core, root certificates should be seen as global entities that can be reused between VPN
tunnels. Even though a root certificate is associated with one VPN tunnel in cOS Core, it can still
be reused with any number of other, different VPN tunnels.

Other Considerations

A number of other factors should be kept in mind when using certificates:

If Certificate Revocation Lists (CRLs) are used, the CRL distribution point is defined as an
FQDN (for example, caserver.somecompany.com), which must be resolved to an IP address
using a public DNS server. At least one DNS server that can resolve this FQDN should
therefore be defined in cOS Core.

Do not get the Host Certificate files and Root Certificate files mixed up. Although it is not
possible to use a Host Certificate in cOS Core as a Root Certificate, it is possible to accidentally
use a Host Certificate as a Root Certificate.

Each certificate has two files associated with it, with the file types .key and .cer.
The two files must have the same filename for cOS Core to be able to use them. For
example, if the certificate is called my_cert, then the files are my_cert.key and my_cert.cer.

3.8.2. Uploading Certificates

Certificates can be uploaded to cOS Core in one of two ways:

Upload using Secure Copy (SCP).

Upload through the Web Interface or InControl.

SCP Uploading

The following command lines show how a typical SCP utility might upload a certificate consisting
of the two files called cert-1.cer and cert-1.key to a security gateway which has the management
IP address 192.168.3.1:

> scp C:\cert-1.cer <username>@192.168.3.1:certificate/my_cert

> scp C:\cert-1.key <username>@192.168.3.1:certificate/my_cert

The certificate object name in cOS Core is my_cert for the certificate and this is how it is
referenced by other objects in the configuration.

Every certificate upload should be followed by activating the configuration, since the upload
changes the configuration by adding new objects.
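
A pre-upload check for the points above, written as an added example that is not part of the original manual: it confirms the .cer and .key files share one base name, goes beyond the manual by confirming the private key belongs to the certificate and noting when the certificate is marked as a CA, then prints the two scp commands for review. It assumes the openssl command-line tool is installed and that both files are PEM encoded; the function names are hypothetical.

```shell
#!/bin/sh
# Pre-upload checks for a certificate/key pair (added example, not vendor code).
# Assumptions: the openssl CLI is installed and both files are PEM encoded.

# The manual requires both files to share one base name: NAME.cer and NAME.key.
same_basename() {
    cer=$(basename "$1"); key=$(basename "$2")
    case "$cer" in *.cer) ;; *) return 1 ;; esac
    case "$key" in *.key) ;; *) return 1 ;; esac
    [ "${cer%.cer}" = "${key%.key}" ]
}

# The private key must correspond to the public key inside the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is marked as a CA, which is what a root
# certificate looks like; a host certificate normally is not.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Run all checks; on success print the two scp commands for review.
# $1 = .cer file, $2 = .key file,
# $3 = gateway login in user@host form, $4 = cOS Core certificate object name.
check_pair() {
    same_basename "$1" "$2" || { echo "base names differ: $1 $2" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match $1" >&2; return 2; }
    is_ca_cert "$1" && echo "note: $1 is marked as a CA certificate" >&2
    echo "scp $1 $3:certificate/$4"
    echo "scp $2 $3:certificate/$4"
}
```

For the files in the SCP example, call check_pair with cert-1.cer, cert-1.key, the gateway login and my_cert, and run the printed commands only when it returns 0.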
