Table of Contents
Advertisement
Using advanced features
4. From the Maintain Certificates list select the certificate that you want the VPNmanager
Console to use.
5. The default VSU certificate is identified by an asterisk in the MGR column. Although a
specific certificate may have other targets, as assigned through the IKE Certificate Usage
tab (See
6. Click Use as Manager Certificate to make the VPNmanager Console a target of the
certificate.
Issuer certificates
Targets use an Issuer Certificate to authenticate a Signed Certificate. VSU targets can
dynamically store up to eight Issuer Certificates. Storage on VPNremote Client targets is only
limited by the amount of physical memory of the computer. Issuer Certificates must be installed
on targets before they are needed to authenticate a Signed Certificate. This section explains
how to retrieve and install Issuer Certificates for VSU targets. For information about installing
Issuer Certificates on VPNremote clients, see the VPNremote Administrator's Guide.
About Issuer Certificates
The Signed Certificates stored in VSUs are X.509 public-key certificates. They're used for
distributing a public-key of the VSU to targets (other VSUs, VPNremote Clients, and IKE
compatible clients). Every Signed Certificate identifies which Public Key Infrastructure (PKI)
System has signed it. However, targets must use a method to authenticate every Signed
Certificate they receive.
An Issuer Certificate may be called a "Signing Certificate" or "Certification Authority (CA)
Certificate."Targets use an Issuer Certificate to authenticate a Signed Certificate. Therefore, the
Issuer Certificate must be from the same PKI System, as the Signed Certificate was signed by
the issuer's private key.
certificate exchange.
238 Avaya VPNmanager Configuration Guide Release 3.7
IKE Certificate Usage on page
Figure 78
illustrates how Issuer Certificates fit in the scheme of signed
240), the VPNmanager Console can still use it.
Advertisement
Table of Contents
