Nortel Networks NN46120-104 User Manual

Create a New Certificate

109

the information displayed, decide which virtual SSL server to
configure for client authentication.

>> Main# cfg/cur ssl

2

Configure the chosen virtual SSL server to require client

certificates.

The client must send its client certificate to the virtual SSL
server during the SSL handshake. If the client does not have
a certificate, the client will respond with a NoCertificateAlert
message. At that point, the session will be terminated.

>> SSL# server 1

>> Server 1# ssl

>> SSL Settings# verify

Current value:

none

Certificate verification (none/optional/require):

require

3

Specify which CA certificates to use for client

authentication.

Specify which CA certificates you want the virtual SSL server
to use for authenticating client certificates. Only those client
certificates that are issued by a certificate authority whose
CA certificate you specify, will be accepted. Note that the CA
certificates you specify by index number must be available on
the VPN Gateway itself.

To authenticate client certificates issued within your own
organization, the CA certificate used for generating the issued
client certificates must be specified as a CA certificate.

>> SSL Settings# cacerts

Current value: ""

Enter certificate numbers (separated by comma): <CA

certificates by index number>

To view basic information about all certificates currently added to
the VPN Gateway, use the

/info/certs

command.

4

Apply your settings.

>> SSL Settings# apply

Changes applied successfully.

--End--

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.