User's Manual
Table Of Contents
- Reference Manual for the NETGEAR ProSafe VPN Client
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Installation
- Chapter 4 Configuring L2TP Connections
- Chapter 5 Using the Security Policy Editor
- What is the Security Policy Editor?
- Basic Steps to Configure a Security Policy
- How to Secure All Connections
- How to Configure Global Policy Settings
- How to Configure Other Connections
- How to Add and Configure a Connection
- How to Enter a Preshared Key
- How to Configure a Gateway
- Configure My Identity
- Configure Security Policy Connection Options
- Configure Authentication (Phase 1)
- Configure Key Exchange (Phase 2)
- Edit a Distinguished Name
- Configure and Manage Connections
- Manage Proposals
- Manage Redundant Gateways
- Manage the Security Policy
- Chapter 6 Using the Certificate Manager
- What is the Certificate Manager?
- Obtain Certificates
- With Online (SCEP) Enrollment
- CAs that Support SCEP
- Retrieve a CA Certificate Online
- Configure a CA Certificate
- Use an HTTP Proxy Server for Online Certificate Requests and CRL Updates
- Import a CA Certificate
- Select a CSP
- Request a Personal Certificate
- Define How Often to Check for and Retrieve New Personal Certificates
- Retrieve a Personal Certificate Manually
- Manage Certificate Requests
- With Manual (File-Based) Enrollment
- Obtain Certificates Through Internet Explorer
- With Online (SCEP) Enrollment
- Manage Certificates
- Manage Certificate Revocation Lists (CRLs)
- Manage the Trust Policy
- Chapter 7 Using Sessions
- Chapter 8 Distributing Customized Profiles
- Chapter 9 Troubleshooting
- Appendix A Networks, Routing, and Firewall Basics
- Appendix B Virtual Private Networking
- Appendix C NETGEAR ProSafe VPN Client to NETGEAR FVS318 or FVM318 VPN Routers
- Appendix D NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
- Glossary
- Index
Reference Manual for the NETGEAR ProSafe VPN Client
Using the Certificate Manager 6-29
202-10015-01
•On the Configuration Parameters dialog box, the Trust this certificate for IP security
check box is selected.
• When you view or verify the certificates, for Enh KeyUsage, the option IP security end
system appears.
• Root CAs that have issued a personal certificate to any of the computer's users
• All root CAs installed on your computer (the local machine)
The trust policy also applies to personal certificates issued by a CA in the trust hierarchy for
remote parties that your security policy allows you to communicate with.
Set the Trust Policy
The trust policy for certificates specifies which root CA certificates the client considers valid for
IPSec communications. When you set the trust policy on the Trust Policy tab in the Certificate
Manager, the trust policy selected on the Root CA Certificates and Root CA Certificates tabs
changes to reflect the Trust Policy tab setting.
1. In the Certificate Manager, click the Trust Policy tab.
2. In the Specify which root certificate authorities (CAs) to trust group, select the trust policy:
• To trust only those root CA certificates configured to be trusted for IPSec sessions, click
Trust specific root CAs.
• To trust only root CA certificates that issued a personal certificate to any of the computer's
users, click Trust CAs that have issued a local personal certificate.
• To trust all the root CAs installed on your computer, click Trust all root CAs installed on
this computer
Caution: Depending on the operating system and Internet Explorer version installed on
your computer, there may be at least 100 root CA certificates on your computer. Before
you select this option, carefully consider the security ramifications.
The trust policy you select takes effect immediately.
Set the Trust Policy and View Trusted Root CA Certificates
Typically, you select the trust policy for the client on the Certificate Manager's Trust Policy tab.
The Root CA Certificates tab displays the trusted root CA certificates.