Manuals / Secure Computing / Computer Equipment / Network Router

Secure Computing Soft-PK Version 5.1.3 Build 4, SafeNet manual Click OK when done, Mail Address

Models: Soft-PK Version 5.1.3 Build 4 Sidewinder Version 5.1.0.02 SafeNet

1 80

Download 80 pages 41.45 Kb

Page 35

Managing Sidewinder self-signed certs

Export the firewall certificate (for later transfer to each client system)

3.Specify the following Firewall Certificate settings.

FieldSetting

Certificate Name Specify a name for the firewall certificate.

Distinguished	Specify a set of data that identifies the firewall. Use the
Name	following format:
	cn=,ou=,o=,l=,st=,c=
	where:
	cn = common name
	ou = organizational unit
	o = organization
	l = locality
	st = state
	c = country
			IMPORTANT: The syntax for this field is very
			IMPORTANT: The syntax for this field is very
			important. The above entries must be separated
			by commas, and contain no spaces. In addition,
	the order of the specified distinguished name fields
	must match the desired order to be listed in the
	certificate.

E-Mail Address,	Optional fields to identify information (in addition to
Domain Name,	DN).
IP Address

Submit to CA	Select Self Signed.

Signature Type	Select RSA.

4.Click Add to add the certificate to the Certificates list.

5.Click Close to return to the Firewall Certificate window.

6.Click Export and save the firewall certificate (containing the public key) to a file. Add a .pem extension (for example, "firewallcert.pem").

7.Click OK when done.

Once you have finished creating the firewall certificate, you will typically copy it to an MS-formatted diskette for distribution to each remote Soft-PK client. You can do this using the mcopy command. For example:

% mcopy -tfilename a:filename

Configuring Sidewinder for Soft-PK Clients	3-5

Image 35

Secure Computing Soft-PK Version 5.1.3 Build 4 Specify the following Firewall Certificate settings, Click OK when done

Contents

VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK Who should read this guide? About this Guide Organized How this guide is Viewing and printing this document online About Soft-PKAbout Sidewinder About digital certificates Viii About this chapter Getting Started About Soft-PK & Sidewinder VPNs Sidewinder and other network requirements Requirements Soft-PK requirements Roadmap to deploying your VPNs 4c1 Define remote identities within Sidewinder Sidewinder system Satisfy Sidewinder, network, & system requirements Plan your VPN configuration Create/Request the digital certificates If using pre-shared keys passwords Configure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Certificate file with public key Identifying authentication requirementsUsing digital certificate authentication Private key file Clients Closer look at self-signed certificatesNo CA needed For a small number of VPN Closer look at CA-based certificates Understanding pre-shared key authentication Extended authentication VPN tunnel terminating on trusted burb Determining where you will terminate your VPNs Defining a virtual burb Select Firewall Administration Burb ConfigurationMore about virtual burbs and VPNs Sidewinder Understanding Sidewinder client address pools Understanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Select VPN Configuration Isakmp Server Enable the cmd, egd, and isakmp serversClick Apply Configure the Isakmp server Enable Configuring ACL & proxies entries for VPN connections Creating & exporting a firewall certificate Managing Sidewinder self- signed certs Mail Address Specify the following Firewall Certificate settingsClick OK when done Select the Remote Certificates tab. Click New Select Services Configuration Certificate ManagementCreating & exporting remote certificates Generated Specify the following Remote Certificate settingsClick Add to add the certificate to the Certificates list Key File Return to for each remote client Defining a CA to use and obtaining the CA root cert Managing CA- based certificates Requesting a certificate for the firewall Retrieve the key, revoke, etc Specify the firewall certificate informationClick Add to send the enrollment request Determining identifying information for client certificates Certificate Identities defined on the firewall Defining remote client identities in Sidewinder Managing pre- shared keys passwords Configuring the VPN on the Sidewinder Example, if you specify 24 with an IP address Field Setting Local Network/IPEnabled Select Yes Burb New button to specify the IP Address / Hostname This field cannot be edited Require Extended Enable this checkbox AuthenticationCertificate VPN from the list provided Firewall Identity Type Firewall to the remote client Value Edited TypeClient Remote Identity Save your settings!4. Click Add to save the settingsClick Close Page Installing and Working with Soft-PK Soft-PK installation notes Determining Soft-PK status from icon variations Starting Soft-PK Means Soft-PK security policy is currently active Right-click the Soft-PK tray icon to access menuActivating/Deactivating Soft-PK Log Viewer About the Soft-PK program optionsCertificate Manager Security Policy Editor Managing certificates on Soft-PK Setting up Sidewinder self-signed certificates Setting up CA-based certificates Select the Generate Exportable Key check box Click Advanced to select a certificate service providerGet your CA administrator to approve your request Importing certificate in Soft-PK Verification window Importing a personal certificate into Soft-PK Import Certificate Password Window Certificate file Select Options Secure Specified Connections Configuring a security policy on the Soft-PK New connection Named SecureVPN If using digital certificatesEnable the Connect using Secure Gateway Tunnel box Specify the interface information Configuring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields Optional Click Save to save the policy on this system SA Life Select Unspecified to default to Sidewinder settingsPage Deploying Soft-PK to Your End Users Format OverviewWord Cannot modify Soft-PK setup.exe file and supporting filesSecurity policy Specifying dial-up network instructions Specifying installation instructionsCustomizing the user worksheet Specifying certificate import/request instructions Specifying basic connection information Specifying security policy instructions About this appendix Soft-PK Log Viewer Soft-PK Connection Monitor To view the details More about the Connection Monitor Sidewinder troubleshooting commands Page Part Number 86-0935037-A