Setting certificate parameters – Panasonic NN46110-600 User Manual
80 Chapter 3 Using certificates
5. Click OK. The Installed Tunnel Certificates table displays the certificate entry.
6. Enable Allow All, if desired.
7. Click OK. You now have the CA certificate against which remote users can authenticate. Repeat this operation if multiple CAs are issuing user certificates.
Optionally, you can configure a CRL distribution point to enable revocation checking of client certificates. Click System > Certificates: Installed Tunnel Certificates: CA Details, enter the appropriate CRL Information, and click OK.
The Enabled check box enables CRL checking of certificates for a particular CA.
The Search Base, Host, Connection, and values must be set for proper access to
the CRL LDAP directory store.
Setting certificate parameters
You can set the following parameters from the System > Certificates > Certificate
Configuration window:
1. Under Certificate Signature Requirements, select Key Usage Extension Required if you want the Key Usage V3 extension to be present in all certificates presented as part of a tunnel initiation (user and branch office).
2. Under Certificate Signature Requirements, select Validate Issuer if you do not accept a subordinate CA without a parent CA. If the check is not set, a subordinate CA is accepted even if it is not validated.
3. Under Installed Tunnel and Transport Certificates, enable Allow All to admit all tunnel requests authenticated by a particular CA. This provides a significant configuration savings because individual users do not have to be provisioned into the VPN Router.
4. Select Trusted if the certificate is trusted. For CA certificates, this indicates that tunnel requests presenting this issuer as the signer of their certificate are trusted. For server certificates, this is a method of turning off the certificate without deleting it.