Table of Contents
Advertisement
Adding Certificates to the NVG
Using the encryption capabilities of the VPN Gateway requires adding
a key and certificate that conforms to the X.509 standard to the VPN
Gateway. If you have more than one VPN Gateway in a cluster, the
key and certificate need only be added to one of the devices. As with
configuration changes, the information is automatically propagated to all
other devices in the cluster.
There are two ways to install a key and certificate into the VPN Gateway :
•
•
The VPN Gateway supports importing certificates and keys in these
fromats:
•
•
•
•
•
•
Besides these formats, keys in the proprietary format used in MS IIS 4
can be imported by the VPN Gateway, as wells as keys from Netscape
Enterprise Server or iPlanet Server. Importing keys from Netscape
Enterprise Server or iPlanet Server however, require that you first use a
conversion tool. For more information about the conversion tool, contact
Nortel. See
When it comes to exporting certificates and keys from the VPN Gateway,
you can specify to save in the PEM, NET, DER, or PKCS12 format when
using the export command. If you choose to use the display command
(which requires a copy-and-paste operation), you are restricted to saving
certificates and keys in the PEM format only.
Copyright © 2007-2008 Nortel Networks
.
Note:
When using an ASA 310-FIPS running in FIPS mode, the private
key associated with a certificate cannot be imported. All private keys
must be generated on the HSM card itself due to the FIPS security
requirements.
Copy-and-paste the key/certificate.
Download the key/certificate from a TFTP/FTP/SCP/SFTP server.
PEM
NET
DER
PKCS7 (certificate only)
PKCS8 (keys only, used in WebLogic)
PKCS12 (also known as PFX)
"How to Get Help" (page 14)
Note:
When performing a copy-and-paste operation to add a certificate
or key, you must always use the PEM format.
Nortel VPN Gateway
NN46120-104 02.01 Standard
14 April 2008
for contact information.
User Guide
99
Advertisement
Table of Contents
