CRL retrieval, Enabling certificate use for tunnels, 2 Enable RSA digital signature – Panasonic NN46110-600 User Manual

Chapter 3 Using certificates

CRL retrieval

All CRL records are retrieved periodically, at a configured interval. Each CRL
record has a next update time that determines whether the CRL record is stale.
If the CRL record is stale, it is refreshed from the CA LDAP.

Enabling certificate use for tunnels

For IPsec, you must enable RSA digital signature support for any default groups
associated with CAs, and the groups containing any specific instances of users
who are doing certificate-based authentication.

To enable RSA digital signature support:

1. Select Profiles > Groups > Edit > IPsec > Configure.

2. Enable RSA Digital Signature.

3. Select the appropriate Default Server Certificate from the list. This
   certificate is sent to clients to authenticate the VPN Router's identity.
   Issue this server certificate from the same CA PKI that issued the remote
   access clients' certificates.

4. Click OK.

For L2TP/IPsec authentication:

1. From the list, select the authentication method that you want to use for the
   branch office connection.

   Note: When you change the authentication type, the window immediately
   changes to reflect the requirements of the new authentication method. Any
   changes that you made on the Authentication portion of the previous window
   are lost.

2. Enter the local UID. This is the user ID of the local VPN Router that you are
   configuring.

3. Enter the peer UID. This is the user ID of the remote VPN Router that you are
   configuring.
