Nortel 3050 Command Reference Manual page 222

222 Command Reference
/cfg/vpn <id> /aaa/auth <id> /cert Client Certificate
Authentication
[Cert Menu]
cacerts - CACerts menu
groupoids - Group OIDs menu
useroid - Set User OID
The Cert menu is used for configuring client certificate authentication. With
client certificate authentication enabled on the VPN Gateway, no Portal
login is required for remote users with a valid client certificate installed on
their computers. Once the VPN Gateway has accepted the certificate, the
user is directed straight to the Portal's Home tab.
Values in the client certificate's subject part, identified as user OID and
group OID, will be extracted to authenticate the remote user to the
VPN Gateway and assign one or several group names to the user. No
password is required, which means that single sign-on to backend servers
will not be possible.
As an alternative or complement, group names can be mapped to the
CA certificate used to generate the client certificate. See the cacerts
command below.
For a full example on how to configure client certificate authentication, see
the "Authentication Methods" chapter in the Application Guide for VPN.
Table 74
Cert Menu Options (/cfg/vpn/aaa/auth/cert)
Command Syntax and Usage
cacerts
groupoids
Copyright © 2007 Nortel Networks
.
Note:
The Portal will accept client certificates for authentication
provided that only one authentication ID of the cert type has been
configured and enabled.
Displays the CACerts menu. To view menu options, see
<id> /aaa/auth <id> /cert /cacerts CACerts Groups
Configuration" (page
Displays the Group OIDs menu. To view menu options, see
"/cfg/vpn <id> /aaa/auth <id> /cert /groupoids Group OIDs
Configuration" (page
Nortel VPN Gateway
Command Reference
NN46120-103 01.01 Standard
10 September 2007
223).
224).
"/cfg/vpn