Manualshelf

Specifications

ManualsBrandsCharles ManualsComputer equipment3641-80
101102103104105106107108109110
Issue 1.0, April 2006 Section 364-180-N02
©2006 Charles Industries, Ltd.
All rights reserved. Printed in United States of America.
99
Figure 6-61 Web Tool – IPSec: Generate Certificate Request page
3. From the “Key Type” drop-down menu, choose RSA and then from the “Key Length”
drop-down menu, select the key length.
4. All remaining fields are optional except for the Subject Alternative Name. Enter the Subject
Alternative Name with both an email address and your router’s WAN port IP address.
NOTE: Entering both an IP address and an email address into the Subject
Alternative Name field will give you the flexibility for negotiating both Main Mode and
Aggressive Mode successfully with certificates. What you enter into the Subject
Alternative Name field in the PKCS10 request will be checked against the ID sent fo
r
phase 1 Negotiation ID. If the Subject Alternative Name field is left blank when
creating this PKCS10 request, negotiations will fail with the remote peer because the
ID actually being sent is the Negotiation ID, which does not match the blank ID inside
the certificate.
5. Now click the Generate button at the bottom of the page. This will send the attributes to the
router, which will generate the private key pair and send a user certificate back to the
Management Interface in the form of a PKCS10 request. The user certificate will appear.
Select all the text shown and copy it.
6. You now need to access a Certificate Authority server of your choice. You can use
http://isakmptest.ssh.fi/cgi-bin/nph-real-cert/cert.pem, as we do in the example. In a new
browser window, enter the URL of your desired server or the one listed above. Paste the user
certificate text that you copied in step 5 into the box on the CA server and follow the steps to
reach a final certificate. Copy the text of the final certificate.
7. Back in the Web Configuration tool, in the folder list, click the Certificate Information link.
If not already showing, click the User Certificate tab at the top of the window. Click the
The availability of features and technical specifications herein subject to change without notice.