Manualshelf

Datasheet

ManualsBrandsNovell ManualsSoftware00662644465449-OEM
661662663664665666667668669670
“main” (Installation and Administration) 2004/6/25 13:29 page 641 #667
i
i
i
i
i
i
i
i
26
Security in the Network
Note
This program normally installs to C:/Programs/
ResourceKit. However, it is not much use at this point be-
cause it is a command line–based program and therefore needs
to be copied into a directory in which executable files are stored.
We recommend copying ipsecpol.exe to C:/WINNT and the
corresponding DLLs to C:/WINNT/System. ipsecpol must be
executed as administrator.
Note
Configuring the Required Snap-Ins
Open MMC on the Windows client. In the start menu, go to ‘Run’
‘MMC’. In MMC, click ‘File’ ‘Add/Remove Snap-In’. A dialog opens in
which you may see active snap-ins. Click ‘Add’. A selection window opens
to display all available snap-ins. ‘Certificates’ ‘Add’ takes you to the con-
figuration wizard. Here, select ‘Computer Account’ and click ‘Next’. Select
‘Local Computer‘Finish’ then ‘IP Security Guidelines Management’
‘Add’. A configuration wizard opens in which to select ‘Local Computer
‘Finish’. Click ‘Close’ then ‘OK’.
Importing a Client Certificate
The two snap-ins that have been added can be seen in the MMC. Open the
‘Certificates’ directory. Right-click ‘Own Certificates’. In the drop-down
menu, select ‘All Tasks’ ‘Import’. The certificate wizard opens. Select
‘Next’ ‘Search’. Under ‘File Type’, enter ‘Private Information Exchange’
(*.pfx,*.p12). Select the exported PKCS12 file and click ‘Next’. Enter the
password used in the YaST CA Management module to export the certifi-
cates. Click ‘Next’. Now select ‘Save All Certificates in Following Storage’
‘auto’ then ‘Next’ ‘Finish’. A dialog indicates if the import procedure
has succeeded. Click ‘OK’.
Noting Important Certificate Data
The prepared IPsec sample configuration normally already contains the
correct DN of the CA (‘Issuer’). In MMC, click ‘File’ ‘Save’. Save your
configuration with the suggested name at the suggested location. To es-
tablish whether the certificate data is correct, open the ‘Own Certificates’
directory in MMC again and open ‘Certificates’. Right-click the certificate
and select ‘Open’ from the drop-down menu then the ‘Details’ tab.
641SUSE LINUX Enterprise Server