108Certificates and Client Authentication

Configure a Virtual SSL Server to Require a Client Certificate

This section describes how to configure client certificate authentication when the VPN Gateway is used for SSL acceleration.

Note: For information about how to configure client certificate authentication in conjunction with VPN deployment, see the "Authentication Methods" chapter in the Application Guide for VPN.

As explained previously in this chapter, each virtual SSL server on the VPN Gateway should be configured to use a server certificate to authenticate itself towards the clients. Besides, the server can be configured to require client certificates to authenticate clients before granting access to the requested service.

When a server is set to require client certificates, a CertificateRequest message is sent from the server to the client during the SSL handshake. The client responds by sending its public key certificate in a Certificate message. After that, the client will send a CertificateVerify message to the server. The CertificateVerify message is signed by using the clients private key, and contains important information about the SSL session known

to both the client and the server. Upon receiving the CertificateVerify message, the virtual SSL server will use the public key from the client certificate to authenticate the client’s identity.

The virtual SSL server will also check if the certificate the client presents is signed by an accepted certificate authority (CA). Accepted certificate authorities are defined by the CA certificates you have listed on the virtual SSL server. The certificate you use for generating client certificates must therefore also be specified as a CA certificate on the virtual SSL server.

In addition, the virtual SSL server checks if the client certificate should be revoked, by comparing the serial number of the presented client certificate with entries in the certificate revocation list.

The following steps demonstrate how to configure a virtual SSL server to require client certificates for authentication purposes.

Step Action

1

Display information about current virtual SSL servers.

This command displays information about all virtual SSL servers on the VPN Gateway, including installed certificate. Based on

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

Page 108
Image 108
Nortel Networks NN46120-104 manual Configure a Virtual SSL Server to Require a Client Certificate, Step Action

NN46120-104 specifications

Nortel Networks NN46120-104 is a versatile and efficient telecommunications hardware platform designed to meet the demands of modern networking environments. As a part of Nortel’s extensive portfolio, this device showcases the company’s commitment to innovation and reliability in the telecom sector.

One of the main features of the NN46120-104 is its robust performance capabilities. This platform is capable of handling high traffic volumes, making it suitable for medium to large enterprises. With its advanced routing capabilities and support for various protocols, the device ensures seamless communication across multiple network segments, providing efficient data transfer and connectivity.

The NN46120-104 is built upon the foundation of Nortel's renowned Layer 3 switching technology. This allows it to intelligently direct data packets based on their IP addresses, optimizing both speed and reliability. The inclusion of Virtual LAN (VLAN) support enhances network segmentation, improving security and management while reducing broadcast domains.

In terms of interface options, the NN46120-104 supports an array of Ethernet configurations, including Gigabit and Fast Ethernet ports. This flexibility allows organizations to tailor their networking solutions to their specific needs while enabling easy upgrades as technology evolves. The device also supports Power over Ethernet (PoE), facilitating the deployment of powered devices like IP phones and wireless access points without the need for additional power sources.

Another significant characteristic of the NN46120-104 is its robustness in terms of security features. With support for advanced security protocols and features such as Access Control Lists (ACLs), the device helps safeguard sensitive data by controlling traffic flow and restricting unauthorized access.

Additionally, the NN46120-104 is designed for ease of management. It offers an intuitive interface and supports various management protocols, including Simple Network Management Protocol (SNMP), enabling administrators to monitor and configure the device efficiently.

In summary, the Nortel Networks NN46120-104 combines high performance, extensive connectivity options, advanced security features, and ease of management, making it a formidable choice for enterprises looking to enhance their network infrastructure. Its capabilities align well with the rigorous demands of today’s digital communication landscape, ensuring reliability and efficiency in organizational operations.