User manual

Virtual Private Networking
Using certificates with Windows IPSec
To create certificates to use with IPSec on a Windows system, first follow the previous
instructions in Creating a CA certificate and Creating local certificate pairs.
Windows IPSec requires the certificates to be in a PKCS12 format file. This format
combines the CA certificate, local public certificate and local private key certificate into
one file.
openssl pkcs12 -export -inkey cert1.key -in cert1.pem -certfile rootCA/ca.pem -out cert1.p12 -name "Certificate 1"
To install the new PKCS12 file, cert1.p12, on Windows XP, open the Microsoft
Management Console (Start -> Run -> then type mmc).
Add the Certificate Snap-in (File -> Add/Remove Snap-in -> Add -> select
Certificates -> Add -> select the account level you want the certificates installed for
(i.e. current user vs. all users) (-> Local Computer) -> Close -> OK).
Double click Certificates to open the store.
Select the Personal store.
Import new certificate (Action -> All Tasks -> Import).
Locate cert1.p12.
Type in the Export Password if you used one.
Select Automatically select the certificate store based on the type of certificate.
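Before importing cert1.p12 it is worth confirming that the bundle opens with the export password, that its private key matches the local certificate, and that the CA certificate was included. The script below is an added example, not part of the manual; it assumes openssl is on the PATH, and the throwaway CA, the key pair and the password "example" are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the manual. Return codes of p12_check:
#   0 ok, 1 cannot open (wrong password or corrupt file),
#   2 private key does not match the local certificate,
#   3 no CA certificate in the bundle (-certfile was omitted).
p12_check() {
    p12=$1; pass=$2; rc=0
    w=$(mktemp -d) || return 1
    # -clcerts selects the local certificate, -cacerts the CA certificate(s).
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys -out "$w/leaf.pem" 2>/dev/null &&
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -cacerts -nokeys -out "$w/ca.pem" 2>/dev/null &&
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes -out "$w/key.pem" 2>/dev/null || rc=1
    if [ "$rc" -eq 0 ]; then
        cert_pub=$(openssl x509 -in "$w/leaf.pem" -noout -pubkey 2>/dev/null)
        key_pub=$(openssl pkey -in "$w/key.pem" -pubout 2>/dev/null)
        if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            rc=2
        elif ! grep -q 'BEGIN CERTIFICATE' "$w/ca.pem" 2>/dev/null; then
            rc=3
        fi
    fi
    rm -rf "$w"   # removes the extracted, unencrypted private key
    return "$rc"
}

# Constructed throwaway CA and key pair, only so the check has something to run on.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
        -subj "/CN=Example CA" -days 1 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout "$d/cert1.key" -out "$d/cert1.csr" \
        -subj "/CN=cert1" 2>/dev/null &&
    openssl x509 -req -in "$d/cert1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/cert1.pem" -days 1 2>/dev/null &&
    # The manual's export command, with a constructed password passed non-interactively.
    openssl pkcs12 -export -inkey "$d/cert1.key" -in "$d/cert1.pem" -certfile "$d/ca.pem" \
        -out "$d/cert1.p12" -name "Certificate 1" -passout pass:example &&
    # The same bundle built without -certfile, to show the failure case.
    openssl pkcs12 -export -inkey "$d/cert1.key" -in "$d/cert1.pem" \
        -out "$d/noca.p12" -name "Certificate 1" -passout pass:example
}

demo=$(mktemp -d) && make_demo "$demo" || { echo "openssl setup failed" >&2; exit 1; }
p12_check "$demo/cert1.p12" example; echo "cert1.p12, correct password -> $?"
p12_check "$demo/noca.p12" example;  echo "noca.p12, no CA included    -> $?"
p12_check "$demo/cert1.p12" wrong;   echo "cert1.p12, wrong password   -> $?"
rm -rf "$demo"
```

To check a real bundle, call p12_check with the path to cert1.p12 and its export password.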
Add certificates
To add certificates to the CyberGuard SG appliance, select IPSec from the VPN section
of the main menu and then click the Certificate Lists tab at the top of the window. Any
previously uploaded certificates are displayed, and may be removed by clicking the
corresponding Delete icon.