Certificate Authorities; Identities - D-Link DFL-200 User Manual

Certificate Authorities

This is a list of all CA certificates. To add a new Certificate Authority certificate, click Add new.
The following pages will allow you to specify a name for the CA certificate and upload the
certificate file. This certificate can be selected in the Certificates field on the VPN page.
Note: If the uploaded certificate is a CA certificate, it will automatically be placed in the
Certificate Authorities list, even if Add New was clicked in the Remote Peers list. Similarly, a
non-CA certificate will be placed in the Remote Peers list even if Add New was clicked from
the Certificate Authorities list.

Identities

This is a list of all the configured Identity lists. An Identity list can be used on the VPN page to
limit inbound VPN access from this list of known identities.
Normally, a VPN tunnel is established if the certificate of the remote peer is present in the
Certificates field in the VPN section, or if the remote peer's certificate is signed by a CA
whose certificate is present in the Certificates field in the VPN section. However, in some
cases it might be necessary to limit those who can establish a VPN tunnel, even among peers
signed by the same CA.
The Identity list can be selected in the Identity List field on the VPN page.
If an Identity List is configured, the firewall will match the identity of the connecting remote
peer against the Identity List, and only allow it to open the VPN tunnel if it matches the
contents of the list.
If no Identity List is used, no identity matching is performed.