Cisco Systems OL-5490-01 manual Enrolling and Managing Certificates, Using the Certificate Store

Page 61

C H A P T E R 6

Enrolling and Managing Certificates

This chapter describes how to enroll and manage digital certificates for the VPN Client for Mac OS X, specifically how to perform the following tasks:

•Obtain personal certificates through enrollment with a certificate authority (CA), which is an organization that issues digital certificates that verify that you are who you say you are.

•Manage certificates and enrollment requests

•Import, export, view, and verify certificates

To get started with certificates, open the Certificates tab on the main VPN Client window in advanced mode. The Certificates tab lists the certificates you currently have enrolled. If there are no certificates showing, you need to enroll with a CA or contact your system administrator.

Using the Certificate Store

The VPN Client uses the notion of store to convey a location in your local file system for storing personal certificates. The main store for the VPN Client is the Cisco store, which contains certificates enrolled through the Simple Certificate Enrollment Protocol (SCEP), and certificates that have been imported from a file.

The Certificates tab on the main VPN Client window displays the list of certificates in your certificate store (Figure 6-1).

VPN Client User Guide for Mac OS X

	OL-5490-01	6-1

Image 61

Contents VPN Client User Guide for Mac OS VPN Client User Guide for Mac OS N T E N T S Authentication Changing the Password on a Personal Certificate Notifications Audience ContentsTerminology Related DocumentationDocument Conventions Data Formats Obtaining DocumentationCisco.com Documentation CD-ROMOrdering Documentation Obtaining Technical AssistanceDocumentation Feedback Cisco TAC Website Technical Assistance CenterCisco TAC Escalation Center Obtaining Additional Publications and InformationConnection Technologies Understanding the VPN ClientVPN Client Overview Program Features VPN Client FeaturesAdministrator Guide IPSec Features Authentication FeaturesIPSec Attribute Description VPN Client IPSec AttributesXauth OL-5490-01 Gathering Information You Need Verifying System RequirementsObtaining the VPN Client Software Preconfiguring the VPN ClientPreconfiguring the Global Profile Preconfiguring the User ProfileAuthentication Installing the VPN ClientAuthorization Window Introduction VPN Client Installation ProcessSelecting the Application Destination Accepting the License AgreementSelect Destination Window Choosing the Installation TypeEasy Install Window 10 Install Software Progress Window 11 Successful Installation Confirmation Window CLI Version Install Script Notes Uninstalling the VPN ClientSudo /usr/local/bin/vpnuninstall Enter your password OL-5490-01 VPN Client Menu Navigating the User InterfaceOperating in Simple Mode Choosing a Run ModeVPN Client Window-Simple Mode Connection Entries Menu Main Menus-Simple ModeStatus Menu VPN Client Window-Advanced Mode Operating in Advanced ModeMain Tabs-Advanced Mode Toolbar Action Buttons-Advanced ModeConnection Entries Menu Main Menus-Advanced Mode10 Status Menu Certificates MenuLog Menu Right-Click Menus14 Connection Entries Right-Click Menu Connection Entries Tab Right-Click Menu15 Certificates Tab Right-Click Menu Certificates Tab Right-Click MenuCreating a Connection Entry Configuring Connection EntriesVPN Client Window Group Authentication Authentication MethodsCertificate Authentication Mutual Group AuthenticationCertificate Authentication Transport Parameters Transport SettingsTransparent Tunneling Mode Enable Transport TunnelingAllow Local LAN Access Peer Response Timeout Backup ServersEnter the hostname or IP address of the backup server to add Configuring Connection Entries Backup Servers Establishing a Connection Checking Prerequisites2shows the VPN Client window in simple mode Connecting to a Default Connection Entry Choosing Authentication MethodsShared Key Authentication Radius Server Authentication VPN Group Name and Password AuthenticationUser Authentication for Radius SecurID AuthenticationUser Authentication for RSA SecurID Using Digital CertificatesEnrolling and Managing Certificates Using the Certificate StoreCertificate Store Enrolling CertificatesOnline Certificate Enrollment Entry Field Description Viewing the Enrollment Request Managing Enrollment RequestsDeleting an Enrollment Request Retrying an Enrollment Request Changing the Password on an Enrollment RequestViewing a Certificate Importing a CertificateCertificate Properties Whether the export is successful Exporting a CertificateSuccessful Export Prompt Deleting a CertificateVerifying a Certificate 11 Password Prompt for Deleting Enrollment CertificatesChanging the Password on a Personal Certificate Importing a Connection Entry Managing Connection EntriesImport VPN Connection Modifying a Connection EntryDeleting a Connection Entry Connection Entry SettingsEvent Logging Enable LoggingSet Logging Options Clear LoggingLog Class Description Module Logging Levels Opening the Log WindowLog Window Viewing StatisticsField Description Tunnel DetailsRoute Details Cisco VPN Client Administrator Guide lists allStatistics Window-Route Details Notifications10 Notifications Window D E IN-2 IN-3 IN-4 IN-5 IN-6 IN-7 IN-8