Configuring CRL Servers - Nortel NN46110-600 User Manual

Vpn router security — servers, authentication, and certificates
The VPN Router can optionally use CRLs to verify the revocation status of user
certificates. If enabled on the VPN Router, CRLs are periodically retrieved from
the CA's LDAP directory store and cached in the VPN Router's associated LDAP
database. This allows for rapid verification of user certificates during IPsec tunnel
establishment. You can configure the frequency with which the VPN Router
checks for a new CRL.
Because a CRL is signed using the CA's private key, it is protected against
tampering. The VPN Router verifies the CRL signature each time it is used. You
must configure a CRL server for each trusted CA certificate that is imported into
the VPN Router.
Note: The LDAP server that contains CRLs for the CA certificates on
the VPN Router must be reachable from the public or private interface.

Configuring CRL servers

The following list explains the CRL settings:

CRL Checking Enabled shows whether CRL usage is enabled on the VPN Router on a
per-CA basis. To enable CRLs for a CA, click Details on the System >
Certificates window. You use the Certificate Revocation List Information
section to configure the necessary information. Click Enabled to turn on CRL
checking of certificates for the particular CA. You must set the Search Base,
Host, Connection, and Update frequency values for proper access to the CRL
LDAP directory store.

CRL Retrieval Enabled determines whether the VPN Router tries to retrieve a
CRL from the configured directory. If the CRL retrieval is successful, the
VPN Router verifies the revocation status of the presented certificates. The
VPN Router sends a trap to the SNMP management server on every
instance of CRL retrieval (success or failure). If this option is not selected, the
VPN Router does not attempt to retrieve a CRL, and does not verify the
revocation status of presented certificates. Deselecting this option turns off
CRL checking. To enable CRL Retrieval, click Enable for CRL Retrieval on
the Servers > SNMP Traps > Trap Groups Server > Configure window. If the
VPN Router is rebooted or a CRL retrieval fails, the CRL retrieval
option on the VPN Router becomes unchecked.
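The checks described above (the CRL belongs to the trusted CA, its signature is verified on every use, a stale or unverifiable CRL must not be trusted, and the presented certificate's serial is looked up in it) are shown below as an added example. This is not Nortel code and does not model the VPN Router's implementation; it uses the third-party Python `cryptography` package (assumed installed) and constructs a test CA, two user certificates and a CRL in memory so it runs offline. The variable `crl_der` stands in for the bytes the gateway would have fetched from the CA's LDAP directory; the LDAP retrieval and the update-frequency timer are not shown.

```python
"""Added example: CRL-based revocation checking as a VPN gateway performs it.
Everything here is constructed in memory with the `cryptography` package."""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _utcnow():
    return datetime.datetime.now(datetime.timezone.utc)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def make_ca(cn="Constructed Test CA"):
    """Self-signed CA; its private key is what makes CRLs tamper-evident."""
    key = ec.generate_private_key(ec.SECP256R1())
    now = _utcnow()
    cert = (
        x509.CertificateBuilder()
        .subject_name(_name(cn))
        .issuer_name(_name(cn))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def issue_user_cert(ca_key, ca_cert, cn):
    """End-entity certificate of the kind a VPN user presents during tunnel setup."""
    key = ec.generate_private_key(ec.SECP256R1())
    now = _utcnow()
    return (
        x509.CertificateBuilder()
        .subject_name(_name(cn))
        .issuer_name(ca_cert.subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=30))
        .sign(ca_key, hashes.SHA256())
    )


def build_crl(signing_key, issuer_cert, revoked_serials, lifetime_hours=24):
    """DER-encoded CRL naming `issuer_cert` as issuer, signed with `signing_key`."""
    now = _utcnow()
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(issuer_cert.subject)
        .last_update(now)
        .next_update(now + datetime.timedelta(hours=lifetime_hours))
    )
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now).build()
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(signing_key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)


def _next_update(crl):
    # cryptography >= 42 exposes tz-aware *_utc properties; older releases return naive UTC.
    nu = getattr(crl, "next_update_utc", None)
    if nu is None:
        nu = crl.next_update
        if nu is not None and nu.tzinfo is None:
            nu = nu.replace(tzinfo=datetime.timezone.utc)
    return nu


def check_revocation(user_cert, ca_cert, crl_der, now=None):
    """Return 'good', 'revoked' or 'reject: <reason>'. Any doubt fails closed."""
    now = now or _utcnow()
    crl = x509.load_der_x509_crl(crl_der)
    # One CRL per trusted CA: the CRL and the certificate must both come from this CA.
    if user_cert.issuer != ca_cert.subject or crl.issuer != ca_cert.subject:
        return "reject: issuer mismatch"
    # Verify the CA's signature on every use, not only when the CRL was downloaded.
    if not crl.is_signature_valid(ca_cert.public_key()):
        return "reject: CRL signature invalid"
    nu = _next_update(crl)
    if nu is not None and now > nu:
        return "reject: CRL stale"
    if crl.get_revoked_certificate_by_serial_number(user_cert.serial_number) is not None:
        return "revoked"
    return "good"


def demo():
    ca_key, ca_cert = make_ca()
    alice = issue_user_cert(ca_key, ca_cert, "alice")
    bob = issue_user_cert(ca_key, ca_cert, "bob")
    crl_der = build_crl(ca_key, ca_cert, [bob.serial_number])
    # Constructed: a CRL with the right issuer name that was not signed by the trusted
    # CA key, i.e. what a corrupted or substituted download looks like to the gateway.
    other_key, _ = make_ca("Some other CA")
    bad_crl_der = build_crl(other_key, ca_cert, [])
    # Evaluate the cached CRL well past its nextUpdate: it is no longer trustworthy.
    later = _utcnow() + datetime.timedelta(hours=48)
    return {
        "alice": check_revocation(alice, ca_cert, crl_der),
        "bob": check_revocation(bob, ca_cert, crl_der),
        "unsigned_by_ca": check_revocation(alice, ca_cert, bad_crl_der),
        "stale": check_revocation(alice, ca_cert, crl_der, now=later),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Running the block prints one line per case: alice is accepted, bob is reported revoked, the CRL not signed by the CA is rejected even though its issuer name is correct, and the same valid CRL is rejected once its nextUpdate has passed. The last two cases are why the manual insists on a configured CRL server per CA and on a regular update frequency: a gateway that keeps serving a stale or unverifiable CRL is effectively not checking revocation at all.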
Chapter 3 Using certificates 87