Appendix A: Using SSL with Directory Server, When to Configure your VPNmanager for SSL – Avaya 3.7 User Manual

Page 293


Issue 4 May 2005


Appendix A: Using SSL with Directory Server

As an added benefit, all communications with the Directory Server can be secured by SSL
(Secure Sockets Layer).

In order to enable SSL, a Public Key Infrastructure (PKI) is used for creating a signed certificate
and an issuer’s certificate. Both signed certificates are then installed on the server. The issuer’s
certificate is then installed in the policy server, the VPNmanager Console, and the devices
belonging to the VPN domain. The PKI can be owned and operated by a third party called a
Certification Authority, or it can be owned and run by your organization. After the certificates are
installed, the policy server and the VPNmanager Console are started, and during login SSL
services are started.

Figure 88: Installing Certificates for Running SSL

Explanation for Figure 88:

1. An administrator uses Directory Server to send a Certificate Request to a PKI.

2. The PKI responds with a Signed Certificate.

3. The Issuer’s Certificate is sometimes called a Certificate Authority (CA) Certificate, and can
be freely obtained from anyone running a PKI.

4. An Issuer’s Certificate is installed in the policy server and the VPNmanager Console.

5. The administrator uses VPNmanager to install an Issuer’s Certificate into the devices.
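
The five steps above, sketched with the OpenSSL command line standing in for both the PKI and the Directory Server's certificate request tool. This is an added example, not taken from the Avaya manual; the names Example Issuing CA, Unrelated CA and ldap.example.test are constructed. It shows why clients need only the issuer's certificate: the server certificate validates against its own issuer and fails against any other.

```shell
#!/bin/sh
# Added example: OpenSSL plays the PKI and the server's request tool.
# All names and files are constructed; nothing here is VPNmanager-specific.

issuer_cert_demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    cd "$d" || exit 1

    # Minimal config so each issuer certificate is marked CA:TRUE
    # regardless of the system-wide openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=placeholder' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' > ca.cnf

    make_ca() {   # $1 = file prefix, $2 = CA common name
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
    }
    make_ca issuer "Example Issuing CA" || exit 1   # the PKI used in steps 1-2
    make_ca other  "Unrelated CA"       || exit 1   # a PKI the clients do not trust

    # Step 1: the server creates a key pair and a certificate request.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout server.key -out server.csr 2>/dev/null || exit 1

    # Step 2: the PKI returns a signed certificate.
    openssl x509 -req -in server.csr -CA issuer.crt -CAkey issuer.key \
        -CAcreateserial -days 30 -out server.crt 2>/dev/null || exit 1

    # Steps 3-5: a client holding only the issuer's certificate checks
    # the server certificate; the private keys never leave their owners.
    if openssl verify -CAfile issuer.crt server.crt >/dev/null 2>&1
    then a=accepted; else a=rejected; fi

    # The same check with a different issuer's certificate must fail.
    if openssl verify -CAfile other.crt server.crt >/dev/null 2>&1
    then b=accepted; else b=rejected; fi

    echo "issuer=$a unrelated=$b"
)
```
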

When to Configure your VPNmanager for SSL

You can configure your VPNmanager to use SSL at any time; however, it is recommended that this
be done before it is put into service.

[Figure 88 diagram labels: SG, WAN, PKI, LAN, VPNmanager, Server, Certificate Issuer and Signer, VPNmanager Server; numbered steps 1 to 4]
