Avaya VPN Gateway User Manual page 104

Certificates and Client Authentication
2. When prompted, provide the following information to include in the client certificate:
3. Specify the validity period, key size, and serial number.
104 User Guide
this check yourself, use the /cfg/cert #/show command and look for lines
containing the text
X509v3 Basic Constraints:CA:TRUE|FALSE
in the screen output.
Note that you do not have to complete all fields. Only one of Common Name and
E-mail Address is strictly required.
• Country Name (2 letter code): The two-letter ISO code for the country in which
the subject resides. With subject is meant the person for whom the client
certificate is created. For current information about ISO country codes, visit for
example http://www.iana.org/.
• State or Province Name (full name): The full name of the state or province in
which the subject resides.
• Locality Name (for example, city): The name of the city or town where the
subject resides.
• Organization Name (for example., company): The registered name of the
organization to which the subjects belongs. Do not abbreviate the organization
name and do not use the following characters:
< > ~ ! @ # $ % ^ * / \ ( ) ?
• Organizational Unit Name (for example,, section): The unit name of the
organization to which the subject belongs.
• Common Name (for example,, the subject's name): The full name of the
subject.
• E-mail Address: The full e-mail address of the subject.
• Subject alternative name: Comma-separated list of URI:<uri>, DNS:<fqdn>,
IP:<ip address>, email:<e-mail address>. Example:
URI:http://www.example.com,email:john@example.com,IP:10.1.2.3
After having provided information about the subject, you are now ready to specify
information relating to the client certificate itself.
Decide how many days the client certificate should be valid. By default, each new
client certificate is set to be valid for 365 days. Also decide which key size should
be used. The default key size is set to 512 bits, which is appropriate in most cases.
Note that export versions of Internet Explorer 4.x (40-bit encryption) and Internet
Explorer 5 (56-bit encryption) cannot import client certificates with a larger key size
than 512.
Assign a serial number to the client certificate, or accept the suggested number.
When generating a new client certificate, the lowest available serial number is
displayed in square brackets and will be used unless you specify a different number.
As you generate more client certificates, the proposed serial number increments
automatically.
Comments? infodev@avaya.com
April 2013