Administrator's Guide
Chapter 6. Basic Configuration
Organization
The name of the organization/company owning the Telecommuting Module.
Organizational Unit
The department using the Telecommuting Module.
Serial number
If you generate more than one certificate with the same information, and you want to give
them separate names and treat them as different certificates, you need to give them different
serial number. Enter a serial number for this certificate here.
Challenge password
Enter a password. This will be used only when revoking a signed certificate.
Create a self-signed X.509 certificate
By entering the requested information above and pressing this button, you can create a cer-
tificate that isn’t signed by any certificate authority (CA). Self-signed certificates are for free,
while certificates signed by an official CA normally are not. Certificates signed by CAs are
automatically accepted by web browsers, while you have to accept self-signed certificates
manually when using them in your web browser.
Create an X.509 certificate request
When pressing this button, you make a certificate request which can be sent to a certificate
authority for signing. The request is downloaded under View/Download on the certificate
page. The signed certificate is uploaded under Import.
Abort
Press the Abort button to return to the Certificates page without creating a new certificate
or certificate request.
CA Certificates
Here, you upload CA certificates and CRLs (Certificate Revocation Lists).
The CAs are used to authenticate peers using IPsec VPN or TLS. Upload one or more CA
certificates here, and then select which CAs to trust for each function in the Telecommuting
Module.
CRLs are used to let the Telecommuting Module know that some of the certificates signed
by a certain CA should not be accepted. This could be useful when laptops with certificates
are stolen. See instructions for your CA on how to make a CRL.
97