Avaya 3.7 Network Router User Manual


 
Policy Manager - My Certificates
Issue 4 May 2005 235
Up to eight certificates can be stored in a VSU. During IKE negotiation, a VSU sends a specified
certificate to its target; the other VSUs and clients it negotiates with are called targets.
Likewise, the target that received a certificate must send its own [unique] certificate back to
the sender to complete the exchange. The VSUs use the exchange to authenticate each other and to
distribute their public keys. Additional certificates can be created and then installed into a
VSU. Each certificate is assigned a target (see IKE Certificate Usage on page 240 for additional
information about making those assignments). A VSU needs only a single certificate to distribute
its public key to multiple VSUs, but additional certificates can be created for establishing
secure connections with special targets. The process of getting a certificate for a specific VSU
is illustrated in Figure 75.
Figure 75: Installing a Signed Certificate into a VSU
Explanation for Figure 75:
1. An administrator uses VPNmanager Console to get a Certificate Request from a specific
VSU.
2. The administrator sends the Certificate Request to a Public Key Infrastructure (PKI)
System.
3. The PKI System sends a Signed Certificate to the administrator.
4. The administrator uses VPNmanager Console to install the Signed Certificate into the VSU.
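A check an administrator can run between steps 3 and 4, as an added example that is not part of the Avaya manual: confirm that the signed certificate carries the same public key as the certificate request and was issued by the expected PKI system before installing it. It assumes the request and certificates are available as PEM files (PKCS#10 and X.509), which the page does not state; the function names, file names, subject names and demo CA are constructed for illustration.

```sh
#!/bin/sh
# Added example; assumes PEM files (PKCS#10 request, X.509 certificates).

# Print the SHA-256 of the public key in a request ($1=req) or certificate ($1=x509).
pubkey_hash() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# $1 = certificate request, $2 = signed certificate, $3 = CA certificate.
# Prints "ok" and returns 0 only when both checks pass.
check_signed_cert() {
    want=$(pubkey_hash req "$1") || { echo "unreadable request"; return 1; }
    got=$(pubkey_hash x509 "$2") || { echo "unreadable certificate"; return 1; }
    # The certificate must certify the key pair the request was made for.
    [ "$want" = "$got" ] || { echo "public key mismatch"; return 1; }
    # The certificate must have been issued by the PKI system that was asked.
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "not issued by expected CA"; return 1; }
    echo "ok"
}

# Constructed test material in directory $1: a demo CA, a request standing in
# for the one in step 1, its signed certificate, and a certificate issued for
# a different key pair.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
        -out "$1/ca.pem" -subj "/CN=Demo CA" -days 1 2>/dev/null
    for n in vsu other; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$1/$n.key" \
            -out "$1/$n.csr" -subj "/CN=vsu-demo" 2>/dev/null
        openssl x509 -req -in "$1/$n.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
            -CAcreateserial -out "$1/$n.pem" -days 1 2>/dev/null
    done
}

demo=$(mktemp -d) && make_demo "$demo"
check_signed_cert "$demo/vsu.csr" "$demo/vsu.pem" "$demo/ca.pem"
check_signed_cert "$demo/vsu.csr" "$demo/other.pem" "$demo/ca.pem" || true
rm -rf "$demo"
```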
Creating and Installing a Signed Certificate
Figure 76 shows the Policy Manager for My Certificates. Use it for generating certificate
requests, installing signed certificates in a VSU, and for selecting which certificate the
VPNmanager Console must be configured as the target.
Note: For this process to work, the security gateway must have already been configured with an IP address.
[Figure 75 diagram; surviving labels: PKI, LAN, security, WAN, VPNmanager Console, and step numbers 1 to 4]