Installing the ssl certificate in your browser – Cisco VPN 3002 User Manual

1-3

VPN 3002 Hardware Client Reference

OL-1893-01

Chapter 1 Using the VPN 3002 Hardware Client Manager

Installing the SSL Certificate in Your Browser

Figure 1-1

VPN 3002 Hardware Client Manager Login Screen

To continue using HTTP for the whole session, skip to “

Logging into the VPN 3002 Hardware Client

Manager

.”

Installing the SSL Certificate in Your Browser

The Manager provides the option of using HTTP over SSL with the browser. SSL creates a secure
session between your browser (VPN 3002 hardware client) and the VPN Concentrator (server). This
protocol is known as HTTPS, and uses the https:/

/

prefix to connect to the server. The browser first

authenticates the server, then encrypts all data passed during the session.

HTTPS is often confused with a similar protocol, S-HTTP (Secure HTTP), which encrypts only HTTP
application-level data. SSL encrypts all data between client and server at the IP socket level, and is thus
more secure.

SSL uses digital certificates for authentication. The VPN 3002 creates a self-signed SSL server
certificate when it boots, and this certificate must be installed in the browser. Once the certificate is
installed, you can connect using HTTPS. You need to install the certificate from a given VPN 3002 only
once.

Managing the VPN 3002 is the same with or without SSL. Manager screens might take slightly longer
to load with SSL because of encryption/decryption processing. When connected via SSL, the browser
shows a locked-padlock icon on its status bar. Both Microsoft Internet Explorer and Netscape Navigator
support SSL.

For HTTPS to work on the public interface, you must enable HTTPS on the VPN 3002 through the
command-line interface or from an HTTP session on the private interface first.