Manuals / Secure Computing / Computer Equipment / Network Router

Secure Computing Sidewinder Version 5.1.0.02 Specify the following Remote Certificate settings

Models: Soft-PK Version 5.1.3 Build 4 Sidewinder Version 5.1.0.02 SafeNet

1 80

Download 80 pages 41.45 Kb

Page 37

Managing Sidewinder self-signed certs

3.Specify the following Remote Certificate settings.

FieldSetting

Certificate Name Specify a name for the remote certificate.

Distinguished	Specify a set of data that identifies the client. Use the
Name	following format:
	cn=,ou=,o=,l=,st=,c=
	where:
	cn = common name
	ou = organizational unit
	o = organization
	l = locality
	st = state
	c = country
			IMPORTANT: The syntax for this field is very
			IMPORTANT: The syntax for this field is very
			important. The above entries must be separated
			by commas, and contain no spaces. In addition,
	the order of the specified distinguished name fields
	must match the desired order to be listed in the
	certificate.

E-Mail Address,	Optional fields to identify information (in addition to
Domain Name,	DN).
IP Address

Submit to CA	Select Self Signed.

Signature Type	Select RSA.

Generated Private	Click Browse and specify where you want to save the
Key File	private key associated with this certificate. You must use
	a .pk1 extension (for example, "clientprivate.pk1").
			IMPORTANT: The private key files must be
			IMPORTANT: The private key files must be
			created as .pk1 objects. The conversion utility
			used starting in Step 6 will not work with .pk8
	objects.

Generated	Click Browse and specify where you want to save this
Certificate File	certificate. Use a .pem extension (for example,
	"clientcert.pem").

4.Click Add to add the certificate to the Certificates list.

Configuring Sidewinder for Soft-PK Clients	3-7

Image 37

Secure Computing Sidewinder Version 5.1.0.02 manual Specify the following Remote Certificate settings, Key File, Generated

Contents

VPN Administration Guide Page Copyright Notice Printing History B L E O F C O N T E N T S Installing and Working with Soft-PK Who should read this guide? About this GuideOrganized How this guide isAbout Sidewinder About Soft-PKAbout digital certificates Viewing and printing this document onlineViii About this chapter Getting StartedAbout Soft-PK & Sidewinder VPNs Sidewinder and other network requirements RequirementsSoft-PK requirements Roadmap to deploying your VPNs 4c1 Define remote identities within Sidewinder Sidewinder systemSatisfy Sidewinder, network, & system requirements Plan your VPN configurationCreate/Request the digital certificates If using pre-shared keys passwordsConfigure the VPN connections on the Sidewinder Troubleshoot any connection problems Planning Your VPN Configuration Identifying basic VPN connection needs Using digital certificate authentication Identifying authentication requirementsPrivate key file Certificate file with public keyNo CA needed Closer look at self-signed certificatesFor a small number of VPN ClientsCloser look at CA-based certificates Understanding pre-shared key authenticationExtended authentication VPN tunnel terminating on trusted burb Determining where you will terminate your VPNsMore about virtual burbs and VPNs Select Firewall Administration Burb ConfigurationDefining a virtual burb Sidewinder Understanding Sidewinder client address poolsUnderstanding Sidewinder client address pools Configuring Sidewinder for Soft-PK Clients Click Apply Configure the Isakmp server Enable the cmd, egd, and isakmp serversEnable Select VPN Configuration Isakmp ServerConfiguring ACL & proxies entries for VPN connections Creating & exporting a firewall certificate Managing Sidewinder self- signed certsClick OK when done Specify the following Firewall Certificate settingsMail Address Creating & exporting remote certificates Select Services Configuration Certificate ManagementSelect the Remote Certificates tab. Click New Click Add to add the certificate to the Certificates list Specify the following Remote Certificate settingsKey File GeneratedReturn to for each remote client Defining a CA to use and obtaining the CA root cert Managing CA- based certificatesRequesting a certificate for the firewall Click Add to send the enrollment request Specify the firewall certificate informationRetrieve the key, revoke, etc Determining identifying information for client certificates Certificate Identities defined on the firewall Defining remote client identities in SidewinderManaging pre- shared keys passwords Configuring the VPN on the Sidewinder Enabled Select Yes Burb Field Setting Local Network/IPNew button to specify the IP Address / Hostname Example, if you specify 24 with an IP addressCertificate VPN from the list provided Firewall Identity Require Extended Enable this checkbox AuthenticationType Firewall to the remote client Value This field cannot be editedClient TypeEdited Click Close Save your settings!4. Click Add to save the settingsRemote Identity Page Installing and Working with Soft-PK Soft-PK installation notes Determining Soft-PK status from icon variations Starting Soft-PKActivating/Deactivating Soft-PK Right-click the Soft-PK tray icon to access menuMeans Soft-PK security policy is currently active Certificate Manager About the Soft-PK program optionsSecurity Policy Editor Log ViewerManaging certificates on Soft-PK Setting up Sidewinder self-signed certificatesSetting up CA-based certificates Get your CA administrator to approve your request Click Advanced to select a certificate service providerSelect the Generate Exportable Key check box Importing certificate in Soft-PK Verification window Importing a personal certificate into Soft-PK Import Certificate Password WindowCertificate file Select Options Secure Specified Connections Configuring a security policy on the Soft-PKEnable the Connect using Secure Gateway Tunnel box If using digital certificatesSpecify the interface information New connection Named SecureVPNConfiguring a security policy on the Soft-PK Encryption and Data Integrity/Algorithms fields Optional Click Save to save the policy on this system SA Life Select Unspecified to default to Sidewinder settingsPage Deploying Soft-PK to Your End Users Word OverviewFormat Security policy Soft-PK setup.exe file and supporting filesCannot modify Customizing the user worksheet Specifying installation instructionsSpecifying dial-up network instructions Specifying certificate import/request instructions Specifying basic connection information Specifying security policy instructionsAbout this appendix Soft-PK Log ViewerSoft-PK Connection Monitor To view the details More about the Connection MonitorSidewinder troubleshooting commands Page Part Number 86-0935037-A