Creating and installing a signed certificate – Avaya 3.7 User Manual

Page 235


Policy Manager - My Certificates

Issue 4 May 2005


Up to eight certificates can be stored in a VSU. During IKE negotiation, a VSU sends a specified certificate to its target. Those other VSUs and clients are called targets. Likewise, the target that received a certificate must distribute its [unique] certificate to the sender to complete the exchange. The VSUs use the exchange to authenticate each other and to distribute their public keys. Additional certificates can be created and then installed into a VSU. Each certificate is assigned a target (see IKE Certificate Usage on page 240 for additional information about making those assignments). A VSU needs only a single certificate to distribute its public key to multiple VSUs, but additional certificates can be created for establishing secure connections with special targets. The process of getting a certificate for a specific VSU is illustrated in Figure 75.

Figure 75: Installing a Signed Certificate into a VSU

Explanation for Figure 75:

1. An administrator uses VPNmanager Console to get a Certificate Request from a specific VSU.

2. The administrator sends the Certificate Request to a Public Key Infrastructure (PKI) System.

3. The PKI System sends a Signed Certificate to the administrator.

4. The administrator uses VPNmanager Console to install the Signed Certificate into the VSU.
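The four steps above, reproduced with the OpenSSL command line as an added example (not part of the Avaya manual and not VPNmanager's own tooling). A self-signed demo CA stands in for the PKI System, the names demo-ca and vsu-1.example.test are constructed, and the check before step 4 is an assumption about what an administrator would want to confirm: the signed certificate chains to the expected CA and carries the same public key as the request.

```shell
#!/bin/sh
# Added illustration of the request / sign / install flow. OpenSSL stands in for
# both the device and the PKI System; every name and file here is constructed.
set -eu

# Gate before installing: $1 = CA certificate, $2 = certificate request, $3 = signed certificate.
check_signed_cert() {
    # The certificate must verify against the CA that was asked to sign it.
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 || return 1
    # The certificate must carry exactly the public key that was in the request.
    req_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    crt_key=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$req_key" ] && [ "$req_key" = "$crt_key" ]
}

# Sign a request with the demo CA: $1 = request, $2 = output certificate.
pki_sign() {
    openssl x509 -req -in "$1" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -out "$2" -days 30 2>/dev/null
}

run_demo() {
    WORK=$(mktemp -d)
    # Stand-in PKI System: a throwaway self-signed CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    # Step 1: the request is produced for the device; its private key never leaves it.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vsu-1.example.test" \
        -keyout "$WORK/vsu.key" -out "$WORK/vsu.csr" 2>/dev/null
    # Steps 2 and 3: the request goes to the PKI System, a signed certificate comes back.
    pki_sign "$WORK/vsu.csr" "$WORK/vsu.crt"
    # Step 4: install only if the gate passes.
    check_signed_cert "$WORK/ca.crt" "$WORK/vsu.csr" "$WORK/vsu.crt" && echo "vsu.crt: ok to install"
    # Failure mode: a certificate from the same CA but for a different key pair
    # (for example, one returned for another device's request) must be refused.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vsu-1.example.test" \
        -keyout "$WORK/other.key" -out "$WORK/other.csr" 2>/dev/null
    pki_sign "$WORK/other.csr" "$WORK/other.crt"
    check_signed_cert "$WORK/ca.crt" "$WORK/vsu.csr" "$WORK/other.crt" \
        || echo "other.crt: rejected, public key does not match the request"
}

run_demo
```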

Creating and Installing a Signed Certificate

Figure 76 shows the Policy Manager for My Certificates. Use it for generating certificate requests, installing signed certificates in a VSU, and selecting the certificate for which the VPNmanager Console must be configured as the target.

Note: For this process to work, the security gateway must have already been configured with an IP address.

[Figure labels: PKI, LAN, security, WAN, VPNmanager Console; numbered steps 1 to 4]
