Table of Contents
Advertisement
2
3
4
Copyright © 2007-2008 Nortel Networks
.
the information displayed, decide which virtual SSL server to
configure for client authentication.
>> Main# cfg/cur ssl
Configure the chosen virtual SSL server to require client
certificates.
The client must send its client certificate to the virtual SSL
server during the SSL handshake. If the client does not have
a certificate, the client will respond with a NoCertificateAlert
message. At that point, the session will be terminated.
>> SSL# server 1
>> Server 1# ssl
>> SSL Settings# verify
Current value: none
Certificate verification (none/optional/require):
require
Specify which CA certificates to use for client
authentication.
Specify which CA certificates you want the virtual SSL server
to use for authenticating client certificates. Only those client
certificates that are issued by a certificate authority whose
CA certificate you specify, will be accepted. Note that the CA
certificates you specify by index number must be available on
the VPN Gateway itself.
To authenticate client certificates issued within your own
organization, the CA certificate used for generating the issued
client certificates must be specified as a CA certificate.
>> SSL Settings# cacerts
Current value: ""
Enter certificate numbers (separated by comma): <CA
certificates by index number>
To view basic information about all certificates currently added to
the VPN Gateway, use the /info/certs command.
Apply your settings.
>> SSL Settings# apply
Changes applied successfully.
Nortel VPN Gateway
User Guide
NN46120-104 02.01 Standard
14 April 2008
Create a New Certificate 109
--End--
Advertisement
Table of Contents
