Secure Computing Soft-PK Version 5.1.3 Build 4, SafeNet manual


Managing Sidewinder self-signed certs

Converting the certificate file/private key file pair to pkcs12 format

Copy the client key/certificate object to a diskette

5. Click Close to return to the previous window.

6. To start the PKCS12 utility on the Sidewinder, from the command line, enter the following command:

pkcs12_util

The utility will prompt you for the name and location of the private key file, for the name and location of the associated certificate file, and for the name and location in which to store the resulting PKCS12-formatted object.

The following message appears:

Please put file extensions on all file names.

Enter the name of the PKCS1 object (private key) file:

7. Type the full path name of the private key file.

The following message appears:

Enter the name of the PEM signed public key (certificate) file:

8. Type the full path name of the associated certificate file.

The following message appears:

Enter the name of the output PKCS12 object (*.p12):

9. Type the full path name of the object file that will be created by the utility. Be sure to use a .p12 extension on the file name.

The following message appears:

pkcs12 encryption password for public key (it WILL be clear screen text):

10. Type a password for this PKCS12 object. As the prompt warns, the password is displayed on the screen in clear text as you type it.

You apply a password to the object because the object contains both the public and private keys. The password will be needed when importing this object into a Soft-PK client. The password can consist of any alpha-numeric characters.

Note: After typing the password, the utility creates the PKCS12 file in the directory you specified in Step 9.

11. Return to Step 1 for each remote client.

Once you have finished creating the PKCS12 object(s), copy each object to its own diskette for distribution to the appropriate Soft-PK client. You can do this using the mcopy command. For example:

% mcopy -t filename a:filename
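An OpenSSL-based stand-in for the conversion in Steps 6 to 10, added here as an example (it is not pkcs12_util and not code from the manual). It refuses a key and certificate that do not belong together, reads the password from an environment variable instead of echoing it on screen, and re-opens the finished bundle to confirm it. The function names, file names and the P12_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example: OpenSSL stand-in for the Step 6-10 conversion (not pkcs12_util).
# Assumed names: pair_matches, make_p12, demo, and the P12_PASS variable.

# Succeed only if the certificate carries the public half of the private key.
# Leaves the certificate's public key in $cpub for the caller.
pair_matches() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# make_p12 KEY CERT OUT.p12 : the password is read from $P12_PASS, never typed.
make_p12() {
    key=$1; cert=$2; out=$3
    case $out in
        *.p12) ;;
        *) echo "output name must end in .p12" >&2; return 3 ;;
    esac
    pair_matches "$key" "$cert" ||
        { echo "unreadable or mismatched pair: $key $cert" >&2; return 4; }
    # umask 077: the bundle holds the private key, so create it owner-only.
    ( umask 077
      openssl pkcs12 -export -inkey "$key" -in "$cert" -out "$out" \
          -passout env:P12_PASS ) || return 5
    # Re-open the bundle with the same password and compare the certificate key.
    back=$(openssl pkcs12 -in "$out" -passin env:P12_PASS -nokeys 2>/dev/null |
           openssl x509 -noout -pubkey 2>/dev/null) || return 6
    [ "$back" = "$cpub" ] || return 6
}

# Constructed input: two throwaway self-signed pairs in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=client-$n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    P12_PASS=constructed-pass; export P12_PASS
    make_p12 "$d/a.key" "$d/a.pem" "$d/a.p12" && ok=0 || ok=$?
    make_p12 "$d/a.key" "$d/b.pem" "$d/bad.p12" 2>/dev/null && bad=0 || bad=$?
    rm -rf "$d"
    echo "matched=$ok mismatched=$bad"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Running the script with the argument `demo` builds one bundle from a matching pair and rejects a second attempt that pairs client a's key with client b's certificate, the mistake most likely when the procedure is repeated for each remote client.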


Configuring Sidewinder for Soft-PK Clients

Part Number 86-0935037-A