How Local User Authentication Works: RADIUS, Privilege Groups and X.509 Certificates

STEP A In the DN Attribute field, select an attribute from the drop-down list.

STEP B Type the value in the data field.

STEP C Click Add to table below.

The attribute and value are added to the Distinguished Name table. You can delete an attribute if required.

STEP D Repeat this process until you have defined the necessary information for the certificate.

STEP 6 Click Create to generate the Certificate Request in PKCS#10 format.

The Certificate Requests page displays with the generated request listed in the Certificate Request table.

After generating the request, use the Export function to save the file so you can submit the request to a Certificate Authority to obtain a signed local certificate.

Import a signed Local Certificate

Note: Use this procedure to import the signed Certificate that you received from the Certificate Authority in response to submitting a Certificate Request generated from the LSM.

STEP 1 From the LSM menu, select Authentication > X.509 Certificates. On the CA Certificate page, click the Certificate Requests tab.

STEP 2 On the Certificate Requests page in the Import Signed Request table, type the Certificate File path and filename for the certificate request to import, or click Browse and navigate to the file.

This is the name of the signed Local Certificate file returned from the CA to which you transferred the Certificate Request file.

STEP 3 Click Import.

If the device verifies that the certificate can be trusted and that it matches a current Certificate Request, the certificate is imported. The matching certificate request is deleted. After the local certificate is imported, you can view and manage it from the Local Certificates page.

If the import fails, an error message explaining the failure is displayed.
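A workstation check you can run before the import, added here as an example (it is not part of the LSM or of this guide): it tests the two conditions described above, that the signed certificate matches the exported request and that it verifies against the CA certificate. It assumes PEM-encoded files and the OpenSSL command line, models "matches" as "carries the same public key" (the guide does not say how the device matches them), and uses constructed file names and subjects.

```shell
#!/bin/sh
# Pre-import check for a CA-signed certificate (added example, not LSM code).
# Assumes PEM files; every file name and subject below is constructed.

# check_signed_cert CSR CERT CA_CERT
#   0 = passes both checks      1 = certificate key differs from the request
#   2 = does not verify against the CA certificate      3 = unreadable input
check_signed_cert() {
    want=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    got=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$want" ] && [ -n "$got" ] || return 3
    # Assumption: "matches the request" is modelled as "same public key".
    [ "$want" = "$got" ] || return 1
    # The certificate's signature must verify against the trusted CA.
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 2
    return 0
}

# Build constructed sample material in directory $1 so the check runs offline.
make_sample() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\nprompt=no\n[dn]\nCN=Constructed Test CA\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$d/t.cnf"
    for ca in ca rogue; do    # two self-signed CAs: one trusted, one not
        openssl req -x509 -config "$d/t.cnf" -newkey rsa:2048 -nodes \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" -days 1 2>/dev/null
    done
    for dev in dev other; do  # two key pairs, each with its own PKCS#10 request
        openssl req -new -config "$d/t.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=$dev.example.test" \
            -keyout "$d/$dev.key" -out "$d/$dev.csr" 2>/dev/null
        openssl x509 -req -in "$d/$dev.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -out "$d/$dev.pem" -days 1 2>/dev/null
    done
}

# Demo: the request is dev.csr; only dev.pem was issued for its key.
tmp=$(mktemp -d) && make_sample "$tmp"
for cert in dev other; do
    rc=0; check_signed_cert "$tmp/dev.csr" "$tmp/$cert.pem" "$tmp/ca.pem" || rc=$?
    echo "dev.csr against $cert.pem: result $rc"
done
rm -rf "$tmp"
```

A result of 1 usually means the CA returned a certificate for a different request; a result of 2 means the CA certificate you hold is not the one that signed it.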

Local Certificates

Local Certificates are used by the X family device to authenticate IPSec on the device. Local Certificates are signed using the private key of a CA Certificate, which is a digital certificate issued by a Certificate Authority (CA).

The local certificate is a personal certificate, installed on the X family device or remote device. Each device has a unique local certificate. Because the local certificate has been signed by a CA, any other device that has imported and trusts the CA certificate can authenticate the X family device.

X Family LSM User’s Guide V 2.5.1
