Nortel Networks NN46120-104 User Manual

Page 111


Create a New Certificate


To view basic information about all available certificates, use the /info/certs command.

Note: Only certificates having the basic constraint CA:TRUE
can be used for generating client certificates. When generating
a client certificate, the VPN Gateway automatically checks
that the current certificate has this constraint. To perform
this check yourself, use the /cfg/cert #/show command
and look for lines containing the text
X509v3 Basic Constraints:CA:TRUE|FALSE in the screen output.

2. When prompted, provide the following information to
include in the client certificate:

Note that you do not have to complete all fields. Only one of
Common Name and E-mail Address is strictly required.

Country Name (2 letter code): The two-letter ISO code for
the country in which the subject resides. The subject is
the person for whom the client certificate is created.
For current information about ISO country codes, visit, for
example, http://www.iana.org/.

State or Province Name (full name): The full name of the
state or province in which the subject resides.

Locality Name (for example, city): The name of the city or
town where the subject resides.

Organization Name (for example, company): The registered
name of the organization to which the subject belongs. Do
not abbreviate the organization name and do not use the
following characters:

< > ~ ! @ # $ % ^ * / \ ( ) ?

Organizational Unit Name (for example, section): The unit
name of the organization to which the subject belongs.

Common Name (for example, the subject’s name): The full
name of the subject.

E-mail Address: The full e-mail address of the subject.

Subject alternative name: Comma-separated list of URI:<uri>,
DNS:<fqdn>, IP:<ip address>, email:<e-mail address>.
Example:

URI:http://www.example.com,email:john@example.com,IP:10.1.2.3
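
A pre-flight check for the values entered at the prompts above, as an added example that is not part of the Nortel manual: it applies the rules stated on this page (one of Common Name and E-mail Address, the two-letter country code, the forbidden Organization Name characters, and the Subject alternative name format). The function names and dictionary keys are hypothetical, and the per-type syntax checks are assumptions that go beyond what the manual specifies.

```python
import ipaddress
from urllib.parse import urlparse

# Characters the manual lists as not allowed in Organization Name.
FORBIDDEN_ORG_CHARS = set('<>~!@#$%^*/\\()?')
SAN_TYPES = ("URI", "DNS", "IP", "email")  # prefixes named in the manual


def parse_san(value):
    """Split 'URI:..,DNS:..,IP:..,email:..' into (type, value) pairs, validating each."""
    entries = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        kind, sep, data = item.partition(":")
        if not sep or kind not in SAN_TYPES or not data:
            raise ValueError(f"bad SAN entry: {item!r}")
        if kind == "IP":
            ipaddress.ip_address(data)  # raises ValueError if malformed
        elif kind == "URI" and not (urlparse(data).scheme and urlparse(data).netloc):
            raise ValueError(f"URI needs scheme and host: {data!r}")
        elif kind == "email" and (data.count("@") != 1 or not all(data.split("@"))):
            raise ValueError(f"bad e-mail address: {data!r}")
        elif kind == "DNS" and not all(
            lbl.isascii() and len(lbl) <= 63 and lbl.replace("-", "").isalnum()
            for lbl in data.rstrip(".").split(".")
        ):
            raise ValueError(f"bad DNS name: {data!r}")
        entries.append((kind, data))
    return entries


def check_subject(fields):
    """Return a list of problems in the values intended for the prompts (keys are hypothetical)."""
    problems = []
    if not (fields.get("common_name") or fields.get("email")):
        problems.append("one of Common Name and E-mail Address is required")
    country = fields.get("country", "")
    if country and not (len(country) == 2 and country.isalpha()):
        problems.append("Country Name must be a two-letter code")
    bad = sorted(FORBIDDEN_ORG_CHARS & set(fields.get("organization", "")))
    if bad:
        problems.append("Organization Name contains forbidden characters: " + " ".join(bad))
    try:
        parse_san(fields.get("san", ""))
    except ValueError as exc:
        problems.append(f"Subject alternative name: {exc}")
    return problems


if __name__ == "__main__":  # constructed sample values, not taken from the manual
    print(check_subject({"country": "USA", "organization": "Example (R&D)", "san": "IP:10.1.2"}))
```
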

3. Specify the validity period, key size, and serial number.

After having provided information about the subject, you are now
ready to specify information relating to the client certificate itself.

Decide how many days the client certificate should be valid. By
default, each new client certificate is set to be valid for 365 days.
Also decide which key size should be used. The default key

Nortel VPN Gateway User Guide
NN46120-104 02.01 Standard
14 April 2008
Copyright © 2007-2008 Nortel Networks.
