Enrolling Certificates | Cisco Systems OL-5490-01 specification

Chapter 6 Enrolling and Managing Certificates

Enrolling Certificates

Figure 6-1 Certificate Store

For each certificate, the following information is listed:

•Certificate—The name of the certificate.

•Store—The certificate store where this certificate resides. If you enroll a certificate from a Certificate Authority, the store is CA. If you import a certificate from a file, the store is Cisco.

•Key Size—The size, in bits, of the signing key pair.

•Validity—The date and time when this certificate expires.

Enrolling Certificates

Your system administrator may have already set up your VPN Client with digital certificates. If not, or if you want to add certificates, you can obtain a certificate by enrolling with a Certificate Authority (CA).

To enroll a digital certificate you must enroll using the PKI Framework standards, receive approval from the CA, and have the certificate installed on your system.

You can enroll a digital certificate:

•Over the network from a CA

•From an enrollment request file

To enroll a digital certificate for user authentication

Step 1 Click the Certificates tab.

Step 2 Click Enroll at the top of the VPN Client window. The Certificate Enrollment dialog box appears.

Step 3 Choose a certificate enrollment type.

•If you choose Online, you obtain a certificate by enrolling with a CA over the network.

•If you choose File, the VPN Client generates an enrollment request file that you can email to a CA or post into a webpage form.

Figure 6-2shows the Certificate Enrollment Dialog Box.

VPN Client User Guide for Mac OS X

6-2	OL-5490-01

Image 62

Cisco Systems OL-5490-01 manual Enrolling Certificates, Certificate Store

Contents

VPN Client User Guide for Mac OS VPN Client User Guide for Mac OS N T E N T S Authentication Changing the Password on a Personal Certificate Notifications Contents Audience Document Conventions Related DocumentationTerminology Cisco.com Obtaining DocumentationData Formats Documentation CD-ROM Documentation Feedback Obtaining Technical AssistanceOrdering Documentation Technical Assistance Center Cisco TAC Website Obtaining Additional Publications and Information Cisco TAC Escalation Center Understanding the VPN Client Connection Technologies VPN Client Overview VPN Client Features Program Features Administrator Guide Authentication Features IPSec Features VPN Client IPSec Attributes IPSec Attribute Description Xauth OL-5490-01 Verifying System Requirements Gathering Information You Need Preconfiguring the VPN Client Obtaining the VPN Client Software Preconfiguring the User Profile Preconfiguring the Global Profile Installing the VPN Client Authentication Authorization Window VPN Client Installation Process Introduction Accepting the License Agreement Selecting the Application Destination Choosing the Installation Type Select Destination Window Easy Install Window 10 Install Software Progress Window 11 Successful Installation Confirmation Window Uninstalling the VPN Client CLI Version Install Script Notes Sudo /usr/local/bin/vpnuninstall Enter your password OL-5490-01 Navigating the User Interface VPN Client Menu VPN Client Window-Simple Mode Choosing a Run ModeOperating in Simple Mode Status Menu Main Menus-Simple ModeConnection Entries Menu Operating in Advanced Mode VPN Client Window-Advanced Mode Toolbar Action Buttons-Advanced Mode Main Tabs-Advanced Mode Main Menus-Advanced Mode Connection Entries Menu Certificates Menu 10 Status Menu Right-Click Menus Log Menu Connection Entries Tab Right-Click Menu 14 Connection Entries Right-Click Menu Certificates Tab Right-Click Menu 15 Certificates Tab Right-Click Menu Configuring Connection Entries Creating a Connection Entry VPN Client Window Authentication Methods Group Authentication Mutual Group Authentication Certificate Authentication Certificate Authentication Transport Settings Transport Parameters Allow Local LAN Access Enable Transport TunnelingTransparent Tunneling Mode Backup Servers Peer Response Timeout Enter the hostname or IP address of the backup server to add Configuring Connection Entries Backup Servers Checking Prerequisites Establishing a Connection 2shows the VPN Client window in simple mode Shared Key Authentication Choosing Authentication MethodsConnecting to a Default Connection Entry VPN Group Name and Password Authentication Radius Server Authentication SecurID Authentication User Authentication for Radius Using Digital Certificates User Authentication for RSA SecurID Using the Certificate Store Enrolling and Managing Certificates Enrolling Certificates Certificate Store Online Certificate Enrollment Entry Field Description Deleting an Enrollment Request Managing Enrollment RequestsViewing the Enrollment Request Changing the Password on an Enrollment Request Retrying an Enrollment Request Importing a Certificate Viewing a Certificate Certificate Properties Exporting a Certificate Whether the export is successful Deleting a Certificate Successful Export Prompt 11 Password Prompt for Deleting Enrollment Certificates Verifying a Certificate Changing the Password on a Personal Certificate Managing Connection Entries Importing a Connection Entry Modifying a Connection Entry Import VPN Connection Connection Entry Settings Deleting a Connection Entry Enable Logging Event Logging Clear Logging Set Logging Options Log Class Description Module Opening the Log Window Logging Levels Viewing Statistics Log Window Tunnel Details Field Description Cisco VPN Client Administrator Guide lists all Route Details Notifications Statistics Window-Route Details 10 Notifications Window D E IN-2 IN-3 IN-4 IN-5 IN-6 IN-7 IN-8