Enrolling and Managing Certificates | Cisco Systems OL-5490-01

C H A P T E R 6

Enrolling and Managing Certificates

This chapter describes how to enroll and manage digital certificates for the VPN Client for Mac OS X, specifically how to perform the following tasks:

•Obtain personal certificates through enrollment with a certificate authority (CA), which is an organization that issues digital certificates that verify that you are who you say you are.

•Manage certificates and enrollment requests

•Import, export, view, and verify certificates

To get started with certificates, open the Certificates tab on the main VPN Client window in advanced mode. The Certificates tab lists the certificates you currently have enrolled. If there are no certificates showing, you need to enroll with a CA or contact your system administrator.

Using the Certificate Store

The VPN Client uses the notion of store to convey a location in your local file system for storing personal certificates. The main store for the VPN Client is the Cisco store, which contains certificates enrolled through the Simple Certificate Enrollment Protocol (SCEP), and certificates that have been imported from a file.

The Certificates tab on the main VPN Client window displays the list of certificates in your certificate store (Figure 6-1).

VPN Client User Guide for Mac OS X

	OL-5490-01	6-1

Image 61

Cisco Systems OL-5490-01 manual Enrolling and Managing Certificates, Using the Certificate Store

Contents

VPN Client User Guide for Mac OS VPN Client User Guide for Mac OS N T E N T S Authentication Changing the Password on a Personal Certificate Notifications Audience Contents Terminology Related DocumentationDocument Conventions Data Formats Obtaining DocumentationCisco.com Documentation CD-ROM Ordering Documentation Obtaining Technical AssistanceDocumentation Feedback Cisco TAC Website Technical Assistance Center Cisco TAC Escalation Center Obtaining Additional Publications and Information Connection Technologies Understanding the VPN Client VPN Client Overview Program Features VPN Client Features Administrator Guide IPSec Features Authentication Features IPSec Attribute Description VPN Client IPSec Attributes Xauth OL-5490-01 Gathering Information You Need Verifying System Requirements Obtaining the VPN Client Software Preconfiguring the VPN Client Preconfiguring the Global Profile Preconfiguring the User Profile Authentication Installing the VPN Client Authorization Window Introduction VPN Client Installation Process Selecting the Application Destination Accepting the License Agreement Select Destination Window Choosing the Installation Type Easy Install Window 10 Install Software Progress Window 11 Successful Installation Confirmation Window CLI Version Install Script Notes Uninstalling the VPN Client Sudo /usr/local/bin/vpnuninstall Enter your password OL-5490-01 VPN Client Menu Navigating the User Interface Operating in Simple Mode Choosing a Run ModeVPN Client Window-Simple Mode Connection Entries Menu Main Menus-Simple ModeStatus Menu VPN Client Window-Advanced Mode Operating in Advanced Mode Main Tabs-Advanced Mode Toolbar Action Buttons-Advanced Mode Connection Entries Menu Main Menus-Advanced Mode 10 Status Menu Certificates Menu Log Menu Right-Click Menus 14 Connection Entries Right-Click Menu Connection Entries Tab Right-Click Menu 15 Certificates Tab Right-Click Menu Certificates Tab Right-Click Menu Creating a Connection Entry Configuring Connection Entries VPN Client Window Group Authentication Authentication Methods Certificate Authentication Mutual Group Authentication Certificate Authentication Transport Parameters Transport Settings Transparent Tunneling Mode Enable Transport TunnelingAllow Local LAN Access Peer Response Timeout Backup Servers Enter the hostname or IP address of the backup server to add Configuring Connection Entries Backup Servers Establishing a Connection Checking Prerequisites 2shows the VPN Client window in simple mode Connecting to a Default Connection Entry Choosing Authentication MethodsShared Key Authentication Radius Server Authentication VPN Group Name and Password Authentication User Authentication for Radius SecurID Authentication User Authentication for RSA SecurID Using Digital Certificates Enrolling and Managing Certificates Using the Certificate Store Certificate Store Enrolling Certificates Online Certificate Enrollment Entry Field Description Viewing the Enrollment Request Managing Enrollment RequestsDeleting an Enrollment Request Retrying an Enrollment Request Changing the Password on an Enrollment Request Viewing a Certificate Importing a Certificate Certificate Properties Whether the export is successful Exporting a Certificate Successful Export Prompt Deleting a Certificate Verifying a Certificate 11 Password Prompt for Deleting Enrollment Certificates Changing the Password on a Personal Certificate Importing a Connection Entry Managing Connection Entries Import VPN Connection Modifying a Connection Entry Deleting a Connection Entry Connection Entry Settings Event Logging Enable Logging Set Logging Options Clear Logging Log Class Description Module Logging Levels Opening the Log Window Log Window Viewing Statistics Field Description Tunnel Details Route Details Cisco VPN Client Administrator Guide lists all Statistics Window-Route Details Notifications 10 Notifications Window D E IN-2 IN-3 IN-4 IN-5 IN-6 IN-7 IN-8