Certificates In Netdefendos; Uploading A Certificate - D-Link DFL-260E User Manual

Network security firewall netdefendos version 2.40.00

3.8.2. Certificates in NetDefendOS

CA is configured. Typically, this is somewhere between an hour and several days.
Trusting Certificates
When using certificates, NetDefendOS trusts anyone whose certificate is signed by a given CA.
Before a certificate is accepted, the following steps are taken to verify the validity of the certificate:
• Construct a certification path up to the trusted root CA.
• Verify the signatures of all certificates in the certification path.
• Fetch the CRL for each certificate to verify that none of the certificates have been revoked.
Identification Lists
In addition to verifying the signatures of certificates, NetDefendOS also employs identification lists.
An identification list is a list naming all the remote identities that are allowed access through a
specific VPN tunnel, provided the certificate validation procedure described above succeeded.
Reusing Root Certificates
In NetDefendOS, root certificates should be seen as global entities that can be reused between VPN
tunnels. Even though a root certificate is associated with one VPN tunnel in NetDefendOS, it can
still be reused with any number of other, different VPN tunnels.
Other Considerations
A number of other factors should be kept in mind when using certificates:
• If Certificate Revocation Lists (CRLs) are used then the CRL distribution point is defined as an
  FQDN (for example, caserver.somecompany.com) which must be resolved to an IP address
  using a public DNS server. At least one DNS server that can resolve this FQDN should therefore
  be defined in NetDefendOS.
• Do not get the Host Certificate files and Root Certificate files mixed up. Although it is not
  possible to use a Host Certificate in NetDefendOS as a Root Certificate, it is possible to
  accidentally use a Host Certificate as a Root Certificate.
• Certificates have two files associated with them and these have the filetypes .key and .cer.
  The filename of these files must be the same for NetDefendOS to be able to use them. For
  example, if the certificate is called my_cert then the files are my_cert.key and my_cert.cer.
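A pre-upload check for the last two considerations above, as an added example that is not part of the D-Link manual. It assumes PEM-encoded files and uses Python's standard ssl module; the function names are hypothetical.

```python
import ssl
import sys
from pathlib import Path


def check_upload_pair(directory, name):
    """Check <name>.cer and <name>.key before upload; return a list of problems."""
    folder = Path(directory)
    cer, key = folder / f"{name}.cer", folder / f"{name}.key"
    # Both files must exist and share the same base name.
    problems = [f"missing {p.name}" for p in (cer, key) if not p.is_file()]
    if problems:
        return problems
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # OpenSSL refuses the pair when the private key does not belong to the
        # certificate. The dummy password stops OpenSSL prompting on a terminal
        # if the key file is encrypted; such a key is reported as a problem.
        ctx.load_cert_chain(str(cer), str(key), password=lambda: "unset")
    except ssl.SSLError as exc:
        problems.append(f"{cer.name} and {key.name} unreadable or not a pair: {exc}")
    return problems


def classify_cer(path):
    """Return 'ca', 'host' or 'unreadable' for a PEM certificate file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=str(path))
    except (ssl.SSLError, OSError):
        return "unreadable"
    # x509_ca counts the loaded certificates that OpenSSL classifies as CA certificates.
    return "ca" if ctx.cert_store_stats()["x509_ca"] else "host"


if __name__ == "__main__":
    # Usage: python check_cert.py <directory> <name>   (script name is arbitrary)
    directory, name = sys.argv[1], sys.argv[2]
    for problem in check_upload_pair(directory, name):
        print("PROBLEM:", problem)
    print("role:", classify_cer(Path(directory) / f"{name}.cer"))
```

Self-signed certificates are often issued with the CA flag set and are then reported as ca, so treat the role as a prompt to confirm which kind of file is about to be uploaded.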
3.8.2. Certificates in NetDefendOS
Certificates can be uploaded to NetDefendOS for use in IKE/IPsec authentication, Webauth, etc.
There are two types of certificates that can be uploaded: self-signed certificates and remote
certificates belonging to a remote peer or CA server. Self-signed certificates can be generated
using one of a number of freely available utilities.
Example 3.22. Uploading a Certificate
The certificate may either be self-signed or belonging to a remote peer or CA server.
Chapter 3. Fundamentals

This manual is also suitable for: DFL-860E, DFL-1660, DFL-2560, DFL-2560G