Reference Manual for the NETGEAR ProSafe VPN Client
6-2 Using the Certificate Manager
202-10015-01
Getting Started with the Certificate Manager
If you are using preshared keys for authentication in your VPN, or secure connection, to the other
party, you don't have to open the Certificate Manager; skip all the topics in the Certificate Manager
book in the help.
If you are using certificates for authentication with the remote party to your VPN, and don't
already have a CA and personal certificate, you need to obtain them. However, depending on the
network, installed applications, and hardware at any particular site, some tasks may not
apply, and additional tasks may be required. For details on the tasks to perform, contact your network
security administrator.
These are the typical tasks to perform to obtain and manage certificates:
1. Select a CA.
2. Determine its enrollment method; go to CA enrollment methods and procedures.
3. Obtain a CA and personal certificate. There are three methods for doing this:
• Online enrollment
• File-based enrollment
• Through Internet Explorer
The help contains topics on these methods; go to the Obtain certificates book in the
Certificate Manager book.
4. Manage the various certificates obtained. In the help, go to the Manage certificates book in
the Certificate Manager book.
5. Work with certificate revocation lists (CRLs).
6. Set the trust policy.
What are Certificates?
To set up a VPN, or secure connection, between the client installed on your computer and a remote
party, both parties must identify themselves, and then verify that each is really who it indicates it
is. One way to do this is with a preshared key that both parties know in advance.
A more secure way to identify the two parties is through certificates. A certificate is an electronic
document that contains a public key and is digitally signed by the third-party entity that issued it,
called a certificate authority (CA) or certification authority. Because the CA validates the identities of
the two VPN parties, it must be trusted. Set the trust policy in the Certificate Manager.
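
The relationship described above between a CA, a personal certificate, and the decision to trust the CA can be reproduced with the OpenSSL command line. This is an added example, not part of the NETGEAR manual or the Certificate Manager; the names demo-ca, other-ca and vpn-user are constructed, and it assumes the openssl tool is installed.

```sh
#!/bin/sh
# Added illustration: a personal certificate is accepted only when the CA
# that signed it is trusted. All names and keys here are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA certificate (NAME.crt) and key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA NAME: generate a key pair and request for NAME, then have
# CA sign the request, producing NAME's personal certificate (NAME.crt).
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 30 \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.crt" 2>/dev/null
}

# is_trusted CA NAME: succeed only if NAME's certificate carries a valid
# signature from CA, the one CA this check is told to trust.
is_trusted() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca demo-ca              # the CA both VPN parties agree to trust
make_ca other-ca             # an unrelated CA outside the trust policy
issue_cert demo-ca vpn-user  # personal certificate issued by demo-ca

# Show who the certificate names (subject) and who signed it (issuer).
openssl x509 -in "$WORK/vpn-user.crt" -noout -subject -issuer

is_trusted demo-ca vpn-user  && echo "accepted: issuer demo-ca is trusted"
is_trusted other-ca vpn-user || echo "rejected: only other-ca is trusted"
```

The second check fails even though the certificate itself is unchanged, which is why the set of trusted CAs matters as much as the certificate.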