Specifications

9-2

VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring

78-13274-01

Chapter 9 Certificate Management

Administration | Certificate Management

For information on using SSL certificates, see the “Installing the SSL Certificate in your Browser”

section in Chapter 1. See also Configuration | System | Management Protocols | HTTP/HTTPS and

Telnet, and Configuration | System | Management Protocols | SSL.

Digital certificates carry a timestamp that determines a time frame for their validity. Therefore, it is

essential that the time on the VPN Concentrator is correct and synchronized with network time. See

Figure 9-1 Administration | Certificate Management Screen

Installing Digital Certificates on the VPN Concentrator

Installing a digital certificate on the VPN Concentrator requires these steps:

Step 1 Use the Administration | Certificate Management | Enrollment screen to generate a certificate request.

Save the request as a file, or copy it to the clipboard.

Step 2 Send the certificate request to a CA, usually using the CA’s web interface. Most CAs let you submit the

request by pasting from the clipboard; otherwise, you can send a file.

Step 3 From the CA, receive root (and perhaps subordinate) and identity certificates. Save them as text files on

your PC or other reachable network host; do not open them or install them in your browser.

Step 4 Use the Administration | Certificate Management | Installation screen to:

a. Install the root certificate on the VPN Concentrator first.

a. Then install any subordinate certificate(s).

a. Finally, install the identity certificate.

Step 5 Use the Administration | Certificate Management | Certificates screen to view the certificates and check

them, and perhaps to enable revocation checking.

Note You must complete the enrollment and certificate installation process within one week of generating

the request.

See the appropriate Administration | Certificate Management screen for more information.