Ssl and digital certificates, Tunnel certificates – Panasonic NN46110-600 User Manual
Chapter 1 Authentication services
The X.509 digital certificate authentication mechanism works with public key
encryption to provide a level of assurance that users are who they say they are.
SSL and digital certificates
The Secure Socket Layer (SSL) protocol uses digital certificates to establish
secure, authenticated connections between SSL clients and servers.
The VPN Router uses a digital certificate sent from an SSL-capable LDAP server
to authenticate that server. In order for digital certificate authentication to succeed,
you must import a certificate from the authority certifying the LDAP server into
the VPN Router's certificate store. This type of certificate is often referred to as a
CA root certificate.
A single CA root certificate can certify the authenticity of multiple LDAP servers,
depending on the organization of your environment's certification hierarchy.
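The trust relationship described above can be checked with the OpenSSL command-line tool before a CA root certificate is imported. The following is an added example, not taken from the manual, and it does not use the VPN Router's own import interface: it builds two throwaway roots and two LDAP server certificates (all names are constructed), then shows that one root validates both servers while an unrelated root validates neither.

```shell
#!/bin/sh
# Constructed demo: every name below (Example Corp Root CA, ldap1.example.com, ...)
# is made up, and the certificates are throwaway ones generated on the spot.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA root certificate, i.e. the kind of certificate that
# would be imported into the VPN Router's certificate store.
make_root() {   # $1 = file prefix, $2 = subject common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue an LDAP server certificate signed by the given root.
issue_server() {   # $1 = root prefix, $2 = server host name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# Succeeds only if the server certificate chains to the given root.
chains_to() {   # $1 = root prefix, $2 = server host name
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_root corp  "Example Corp Root CA"   # authority certifying the LDAP servers
make_root other "Unrelated Root CA"      # a CA that issued neither server
issue_server corp ldap1.example.com
issue_server corp ldap2.example.com

for host in ldap1.example.com ldap2.example.com; do
  for root in corp other; do
    if chains_to "$root" "$host"; then result=trusted; else result=rejected; fi
    echo "$host checked against $root root: $result"
  done
done
```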
Tunnel certificates
The VPN Router uses X.509 certificates to authenticate IPsec-based tunnel
connections. The VPN Router supports RSA* digital signature authentication in
the IPsec ISAKMP key management protocol. Remote users can authenticate
themselves to the VPN Router using a public key pair and a certificate as
credentials. In addition, the VPN Router uses its own key pair and certificate to
authenticate the VPN Router to the user. The VPN Router currently supports the
Entrust* product suite and Microsoft certificates.
The VPN Router supports retrieval of X.509v3 certificates from Microsoft
certificate storage through the Microsoft CryptoAPI (MS CAPI). Microsoft
certificate storage uses standard messages (PKCS #12) to import digital
certificates granted by third-party certificate authorities. This allows the VPN
Router and VPN Client to use CAs that are not tightly integrated with the client
and VPN Router.
Nortel VPN Router Security — Servers, Authentication, and Certificates