Certificates; Trusting Certificates; Local Identities; Certificates Of Remote Peers - D-Link DFL-200 User Manual

Network security firewall

Certificates

A certificate is a digital proof of identity. It links an identity to a public key in a trustworthy
manner. Certificates can be used to authenticate individual users or other entities. These
types of certificates are commonly called end-entity certificates.
Before a VPN tunnel with certificate-based authentication can be set up, the firewall needs a
certificate of its own and that of the remote firewall. These certificates can either be
self-signed certificates, or issued by a CA.

Trusting Certificates

When setting up a VPN tunnel, the firewall has to be told whom it should trust. When using
pre-shared keys, this is simple. The firewall trusts anyone who has the same pre-shared key.
When using certificates, on the other hand, you tell the firewall that it can trust anyone whose
certificate is signed by a given CA. Before a certificate is accepted, the following steps are
taken to verify the validity of the certificate:
1. Construct a certification path up to the trusted root CA.
2. Verify the signatures of all certificates in the certification path.
3. Fetch the CRL for each certificate to verify that none of the certificates have been revoked.
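The three checks above are what any certificate-based VPN peer does before it trusts the other side. As an added example (not code from the D-Link manual or the DFL-200 firmware), the following Go program builds a small constructed test PKI in memory, a root CA, a peer certificate it issued, a CRL it signed, and a self-signed certificate that nobody trusts, and then runs path construction, signature verification and revocation checking over it using only the standard library. The CA name, peer names and serial numbers are made up, and the CRL is handed in as bytes rather than fetched from a distribution point.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; fine for a self-contained demonstration.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCert signs tmpl with the issuer's key (self-signed when issuer == tmpl).
func newCert(tmpl, issuer *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, signer))
	return must(x509.ParseCertificate(der))
}

// TestPKI is a constructed (made-up) PKI: a root CA, a peer certificate the
// root issued, a CRL the root signed, and a self-signed "rogue" certificate.
type TestPKI struct {
	Root, Peer, Rogue *x509.Certificate
	CRLDER            []byte // DER-encoded CRL signed by Root
}

// BuildPKI creates the test PKI; when revokePeer is true the CRL lists Peer.
func BuildPKI(now time.Time, revokePeer bool) *TestPKI {
	rootKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	peerKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	rogueKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))

	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example VPN Root CA"}, // constructed name
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	root := newCert(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)

	peerTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1001), // constructed serial
		Subject:      pkix.Name{CommonName: "remote-firewall.example"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(30 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageIPSECTunnel},
	}
	peer := newCert(peerTmpl, root, &peerKey.PublicKey, rootKey)

	// A self-signed certificate from a CA the firewall was never told to trust.
	rogueTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(7),
		Subject:               pkix.Name{CommonName: "rogue-peer.example"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(30 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	rogue := newCert(rogueTmpl, rogueTmpl, &rogueKey.PublicKey, rogueKey)

	crlTmpl := &x509.RevocationList{
		Number:     big.NewInt(1),
		ThisUpdate: now,
		NextUpdate: now.Add(24 * time.Hour),
	}
	if revokePeer {
		crlTmpl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: peer.SerialNumber, RevocationTime: now}}
	}
	crlDER := must(x509.CreateRevocationList(rand.Reader, crlTmpl, root, rootKey))

	return &TestPKI{Root: root, Peer: peer, Rogue: rogue, CRLDER: crlDER}
}

// VerifyPeer applies the manual's three checks to a remote peer certificate.
func VerifyPeer(peer, trustedRoot *x509.Certificate, crlDER []byte, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	// Steps 1 and 2: build the certification path up to the trusted root and
	// verify every signature (and validity period) along it.
	chains, err := peer.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	if err != nil {
		return fmt.Errorf("certification path not trusted: %w", err)
	}
	// Step 3: check the issuer's CRL. It must itself be signed by the trusted
	// root and still be current; a stale CRL is not proof of non-revocation.
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return fmt.Errorf("CRL unparsable: %w", err)
	}
	if err := crl.CheckSignatureFrom(trustedRoot); err != nil {
		return fmt.Errorf("CRL signature invalid: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return errors.New("CRL is stale; refuse the peer until a fresh CRL is fetched")
	}
	chain := chains[0]
	for _, cert := range chain[:len(chain)-1] { // every certificate below the root
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
				return fmt.Errorf("certificate %q (serial %s) is revoked", cert.Subject.CommonName, cert.SerialNumber)
			}
		}
	}
	return nil
}

func CheckTrustedPeer() error {
	now := time.Now()
	p := BuildPKI(now, false)
	return VerifyPeer(p.Peer, p.Root, p.CRLDER, now)
}

func CheckRevokedPeer() error {
	now := time.Now()
	p := BuildPKI(now, true)
	return VerifyPeer(p.Peer, p.Root, p.CRLDER, now)
}

func CheckUntrustedPeer() error {
	now := time.Now()
	p := BuildPKI(now, false)
	return VerifyPeer(p.Rogue, p.Root, p.CRLDER, now)
}

func main() {
	fmt.Println("trusted peer:  ", CheckTrustedPeer())
	fmt.Println("revoked peer:  ", CheckRevokedPeer())
	fmt.Println("untrusted peer:", CheckUntrustedPeer())
}
```

Only the first case yields a nil error: the revoked peer fails at step 3 even though its chain and signatures are fine, and the rogue certificate fails at step 1 because no path reaches the configured root. The CRL freshness check is the detail most often skipped in practice; without it an attacker who can block CRL downloads keeps a revoked certificate usable.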

Local identities

This is a list of all the local identity certificates that can be used in VPN tunnels. A local
identity certificate is used by the firewall to prove its identity to the remote VPN peer.
To add a new local identity certificate, click Add new. The following pages will allow you to
specify a name for the local identity, and upload the certificate and private key files. This
certificate can be selected in the Local Identity field on the VPN page.
This list also includes a special certificate called Admin. This is the certificate used by the
Web interface to provide HTTPS access.
Note: The certificate named Admin can only be replaced by another certificate. It cannot be
deleted or renamed. This is used for HTTPS access to the DFL-200.

Certificates of remote peers

This is a list of all certificates of individual remote peers.
To add a new remote peer certificate, click Add new. The following pages will allow you to
specify a name for the remote peer certificate and upload the certificate file. This certificate
can be selected in the Certificates field on the VPN page.

This manual is also suitable for:

Netdefend dfl-200