Certificate management – SnapGear 2.0.1 User Manual


Virtual Private Networking


Certificate Management

X.509 certificates can be used to authenticate IPSec endpoints during tunnel negotiation
for Automatic Keying. The other methods are Preshared Secrets and RSA Digital
Signatures.

Certificates need to be uploaded to the CyberGuard SG appliance before they can be
used in a tunnel. Each certificate is valid only for a fixed period. Ensure that
the certificates uploaded are currently valid and that the Date and Time settings have
been set correctly on the CyberGuard SG appliance, since validity is judged against
the appliance's clock.

The CyberGuard SG appliance only supports certificates in base64 PEM or binary DER
format. Some Certificate Authorities (CAs) distribute certificates as a PKCS#12 file;
in that case the CA certificate, the local public key certificate and the private key
must be extracted or created before uploading them into the CyberGuard SG appliance.

Extracting certificates

Use the openssl application tool on the CyberGuard SG Installation CD to extract these
certificates (ensure the cygwin1.dll library is in the same directory as the openssl
application). To extract the CA certificate, enter the following at the Windows command
prompt:

openssl pkcs12 -nomacver -cacerts -nokeys -in pkcs12_file -out ca_certificate.pem

where pkcs12_file is the PKCS#12 file issued by the CA and ca_certificate.pem is
the CA certificate to be uploaded into the CyberGuard SG appliance.

The application will prompt you to Enter Import Password. Enter the password used to
create the certificate. If none was used simply press enter.

To extract the local public key certificate, enter the following at the Windows
command prompt:

openssl pkcs12 -nomacver -clcerts -nokeys -in pkcs12_file -out local_certificate.pem

where pkcs12_file is the PKCS#12 file issued by the CA and local_certificate.pem is
the local public key certificate to be uploaded into the CyberGuard SG appliance.

The application will prompt you to Enter Import Password. Enter the password used to
create the certificate. If none was used simply press enter.
