Nortel Vpn Gateway; User Guide - Nortel NN46120-104 User Manual


Copyright © 2007-2008 Nortel Networks

>> Groups# /cfg/sys/user
>> User# edit cert_admin
>> User cert_admin# password
Enter admin's current password: (admin user password)
Enter new password for cert_admin: (cert_admin user password)
Re-enter to confirm: (reconfirm cert_admin user password)

7 Apply the changes.
>> User cert_admin# apply
Changes applied successfully.

8 Let the Certificate Administrator user define an export passphrase.
This step is only necessary if you want to fully separate the
Certificate Administrator user role from the Administrator user
role. If the admin user is removed from the certadmin group,
a Certificate Administrator export passphrase (caphrase) must
be defined.
As long as the admin user is a member of the certadmin
group (the default configuration), the admin user is prompted
for an export passphrase each time a configuration backup
that contains private keys is sent to a TFTP/FTP/SCP/SFTP
server (command: /cfg/ptcfg). When the admin user is not
a member of the certadmin group, the export passphrase
defined by the Certificate Administrator is used instead to
encrypt private keys in the configuration backup. The encryption
of private keys using the export passphrase defined by the
Certificate Administrator is performed transparently to the user,
without prompting. When the configuration backup is restored,
the Certificate Administrator must enter the correct export
passphrase.
Note 1: If the export passphrase defined by the Certificate
Administrator is lost, configuration backups made by the
admin user while he or she was not a member of the
certadmin group cannot be restored.
Note 2: When using the /cfg/ptcfg command on an ASA
310-FIPS, private keys are always encrypted using the wrap
key that was generated when the first HSM card in the cluster
was initialized.
The export passphrase defined by the Certificate
Administrator remains the same until changed by using
the /cfg/sys/user/caphrase command. For users who are
not members of the certadmin group, the caphrase command
in the User menu is hidden. Only users who are members of

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard
14 April 2008
83
