116Certificates and Client Authentication

Managing Revocation of Client Certificates

Certificate revocation lists (CRLs) are maintained by certificate authorities to recall client certificates that are no longer considered trustworthy. The reasons for this can be that the client certificate may have been issued by mistake, or that the subject accidentally has revealed the private key.

By keeping a certificate revocation list on your SSL server, client certificates sent to the server are checked against the CRL. If a match is found, the SSL session is terminated. This mode of operation requires, first of all, that you have configured the virtual SSL server to always require client certificates. (For more information, see “Configure a Virtual SSL Server to Require a Client Certificate” (page 108)). You must also regularly check with the certificate authorities you trust for their latest CRLs.

Moreover, if you take on the role of a certificate authority by issuing your own client certificates, you will also need to maintain your own certificate revocation lists. This can be done by listing the serial numbers of the client certificates you want to revoke in an ASCII file. You may also specify the serial number of a particular client certificate directly in the command line interface by using the add command in the Revocation menu.

Revoking Client Certificates Issued by an External CA

Step Action

1Specify the CA certificate, to which you want to add a CRL.

The certificate you specify must be a CA certificate from the same certificate authority that published the CRL you are about to add. To view basic information about available certificates, use the /info/certs command.

>>Main# cfg/cert

Enter certificate number: (1-) 1 (example)

>> Certificate 1# revoke

2Download and add a CRL from a TFTP/FTP/SCP/SFTP server.

Specify the host name or IP address of the TFTP/FTP/SCP/S FTP server, and provide the file name of the CRL. The CRL is retrieved and added to Certificate 1 (used as an example).

Nortel VPN Gateway

User Guide

NN46120-104 02.01 Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

Page 116
Image 116
Nortel Networks NN46120-104 manual Managing Revocation of Client Certificates

NN46120-104 specifications

Nortel Networks NN46120-104 is a versatile and efficient telecommunications hardware platform designed to meet the demands of modern networking environments. As a part of Nortel’s extensive portfolio, this device showcases the company’s commitment to innovation and reliability in the telecom sector.

One of the main features of the NN46120-104 is its robust performance capabilities. This platform is capable of handling high traffic volumes, making it suitable for medium to large enterprises. With its advanced routing capabilities and support for various protocols, the device ensures seamless communication across multiple network segments, providing efficient data transfer and connectivity.

The NN46120-104 is built upon the foundation of Nortel's renowned Layer 3 switching technology. This allows it to intelligently direct data packets based on their IP addresses, optimizing both speed and reliability. The inclusion of Virtual LAN (VLAN) support enhances network segmentation, improving security and management while reducing broadcast domains.

In terms of interface options, the NN46120-104 supports an array of Ethernet configurations, including Gigabit and Fast Ethernet ports. This flexibility allows organizations to tailor their networking solutions to their specific needs while enabling easy upgrades as technology evolves. The device also supports Power over Ethernet (PoE), facilitating the deployment of powered devices like IP phones and wireless access points without the need for additional power sources.

Another significant characteristic of the NN46120-104 is its robustness in terms of security features. With support for advanced security protocols and features such as Access Control Lists (ACLs), the device helps safeguard sensitive data by controlling traffic flow and restricting unauthorized access.

Additionally, the NN46120-104 is designed for ease of management. It offers an intuitive interface and supports various management protocols, including Simple Network Management Protocol (SNMP), enabling administrators to monitor and configure the device efficiently.

In summary, the Nortel Networks NN46120-104 combines high performance, extensive connectivity options, advanced security features, and ease of management, making it a formidable choice for enterprises looking to enhance their network infrastructure. Its capabilities align well with the rigorous demands of today’s digital communication landscape, ensuring reliability and efficiency in organizational operations.