Setting Certificate Parameters - Nortel NN46110-600 User Manual

VPN router security — servers, authentication, and certificates

Chapter 3 Using certificates

Click OK. The Installed Tunnel Certificates table displays the certificate
entry.

Enable Allow All, if desired.

Click OK. You now have the CA certificate which remote users can
authenticate. Repeat this operation if multiple CAs are issuing user
certificates.

Optionally, you can configure a CRL distribution point to enable revocation
checking of client certificates. Click System > Certificates: Installed Tunnel
Certificates: CA Details, enter the appropriate CRL Information, and click
OK.

The Enabled check box enables CRL checking of certificates for a particular CA.
The Search Base, Host, Connection, and values must be set for proper access to
the CRL LDAP directory store.

Setting certificate parameters

You can set the following parameters from the System > Certificates > Certificate
Configuration window:

1. Under Certificate Signature Requirements, select Key Usage Extension
   Required if you want the Key Usage V3 extension present in all certificates
   presented as part of a tunnel initiation (user and branch office).
2. Under Certificate Signature Requirements, select Validate Issuer if you do
   not accept a subordinate CA without a parent CA. If the check is not set, a
   subordinate CA is accepted even if it is not validated.
3. Under Installed Tunnel and Transport Certificates, enable Allow All to
   allow in all tunnel requests authenticated by a particular CA, providing a
   significant configuration savings because individual users do not have to be
   provisioned into the VPN Router.
4. Select Trusted if the certificate is trusted. For CA certificates, this indicates
   that tunnel requests presenting this issuer as the signer of their certificate are
   trusted. For server certificates, this is a method of turning off the certificate
   without deleting it.
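
The effect of the Key Usage Extension Required and Validate Issuer check boxes can be modelled with Go's crypto/x509 package. This is an added example, not code from the Nortel manual or the VPN Router: issue, accept and demo are hypothetical helpers, the certificates are constructed in memory, and the check-box semantics are assumed from the descriptions above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent yields a self-signed one.
func issue(cn string, ku x509.KeyUsage, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, KeyUsage: ku,
		IsCA: ca, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// accept models both check boxes (assumed semantics); parent is nil when no parent CA certificate is installed.
func accept(client, subCA, parent *x509.Certificate, requireKU, validateIssuer bool) bool {
	hasKU := false
	for _, e := range client.Extensions {
		hasKU = hasKU || e.Id.Equal(asn1.ObjectIdentifier{2, 5, 29, 15}) // Key Usage extension OID
	}
	if requireKU && !hasKU || client.CheckSignatureFrom(subCA) != nil {
		return false
	}
	validated := parent != nil && subCA.CheckSignatureFrom(parent) == nil
	return validated || !validateIssuer // an unvalidated subordinate CA passes only with the check off
}

// demo runs the policy over a constructed chain: root CA -> subordinate CA -> two client certificates.
func demo() [5]bool {
	root, rootKey := issue("root", x509.KeyUsageCertSign, true, nil, nil)
	sub, subKey := issue("sub", x509.KeyUsageCertSign, true, root, rootKey)
	withKU, _ := issue("client-a", x509.KeyUsageDigitalSignature, false, sub, subKey)
	noKU, _ := issue("client-b", 0, false, sub, subKey)
	return [5]bool{accept(withKU, sub, root, true, true), accept(noKU, sub, root, true, true),
		accept(noKU, sub, root, false, true), accept(noKU, sub, nil, false, false), accept(noKU, sub, nil, false, true)}
}

func main() { fmt.Println(demo()) }
```

The last two results show the risk the manual describes: with Validate Issuer cleared, a client certificate is accepted even though the subordinate CA that signed it cannot be tied to any parent CA.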
