Specifications

3
Firewall Administration System (FAS)
Figure 3.54: Interface Statistics
Certificate Management
Access the certificate management module in FAS with ‘Tools’ → ‘Certificate Management’. Close certificate management with ‘Finish’ from the same
menu. Certificates for encryption when using IPSec with X.509 certificates
can be generated, imported, and managed. The main window, shown in
Figure 3.55 on the following page, lists the certificates that already exist.
The keys and certificates are generated on the SuSE Adminhost for Firewall
with the OpenSSL program package. SSL uses asymmetric encryption,
which means a key pair, consisting of a public and a private
key, is always necessary for encryption and decryption.
With asymmetric PKI encryption, the public keys are exchanged between
the client and server. Encryption takes place using the public key of
the recipient. Decryption requires the private key.
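
The key-pair behaviour described above, as an added example run directly with the OpenSSL command line (not part of the original manual and not what FAS executes internally). File names, the `example.test` subjects, the self-signed certificates and the OAEP padding choice are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Generate key pairs and X.509 certificates with OpenSSL, encrypt to the
# recipient's public key, and show that only the matching private key decrypts.

# make_identity DIR NAME: writes DIR/NAME.key (private) and DIR/NAME.crt (self-signed)
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
    chmod 600 "$1/$2.key"   # private key: readable by its owner only
}

# encrypt_to CERT INFILE OUTFILE: needs only the recipient's certificate
encrypt_to() {
    openssl x509 -in "$1" -pubkey -noout > "$3.pub" &&
    openssl pkeyutl -encrypt -pubin -inkey "$3.pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"
}

# decrypt_with KEY INFILE: prints the plaintext, non-zero exit if KEY does not match.
# OAEP is used so that a wrong key produces an error instead of garbage output.
decrypt_with() {
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" 2>/dev/null
}

roundtrip_demo() {
    local d
    d=$(mktemp -d) || return 1
    make_identity "$d" server && make_identity "$d" client || return 1
    printf 'constructed test message' > "$d/msg.txt"   # constructed sample input
    encrypt_to "$d/server.crt" "$d/msg.txt" "$d/msg.enc" || return 1
    echo "server key: $(decrypt_with "$d/server.key" "$d/msg.enc")"
    if decrypt_with "$d/client.key" "$d/msg.enc" >/dev/null; then
        echo "client key: decrypted (unexpected)"
    else
        echo "client key: decryption failed"
    fi
    rm -rf "$d"
}

roundtrip_demo
```
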
To sign a certificate, a CA (Certificate Authority) is needed. There are some
locations with official CAs. You must pass all your certificates to this point to
105 SuSE Linux Firewall on CD2