Certificates and client authentication – Nortel Networks NN46120-104 User Manual

93

.

Certificates and Client Authentication

This chapter describes common tasks involving certificates and
client authentication. The chapter also provides detailed step-by-step
instructions for generating certificate signing requests, adding certificates
to the Nortel VPN Gateway (NVG), generating and revoking client
certificates, as well as configuring the VPN Gateway to require client
certificates.

The VPN Gateway supports importing certificates in the PEM, NET, DER,
PKSCS7, and PKCS12 formats. The certificates must conform to the
X.509 standard. You can create a new certificate, or use an existing
certificate. The VPN Gateway supports using up to 1500 certificates. The
basic steps to create a new certificate using the command line interface of
the VPN Gateway are:

•

Generate a Certificate Signing Request (CSR) and send it to a
Certificate Authority (CA, such as Entrust or VeriSign) for certification.

•

Add the signed certificate to the VPN Gateway.

Note:

Even though the VPN Gateway supports keys and certificates

created by using Apache-SSL, OpenSSL, or Stronghold SSL, the
preferred method from a security point of view is to create keys and
generate certificate signing requests from within the VPN Gateway by
using the command line interface. This way, the encrypted private key
never leaves the VPN Gateway, and is invisible to the user.

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.