Reference Manual for the NETGEAR ProSafe VPN Client
Using the Certificate Manager 6-3
202-10015-01
There are two types of CA certificates:
• A root CA certificate is signed by and issued to itself—that is, the issuer and subject are the
same.
• A subordinate or intermediate CA certificate is issued by a CA other than itself. A subordinate
certificate can be issued by a root CA or another subordinate CA.
The client user also requires a personal certificate, which contains information that uniquely
identifies the user (client). The client requests it, and a subordinate CA issues it.
CAs that support SCEP may also employ a registration authority (RA), which is a network
authority that collects and verifies certificate request information for the CA, and then signs
responses on behalf of the CA. The CA, however, actually issues the certificates. These CAs may
include RA certificates with CA certificates.
CA Enrollment Methods and Procedures
To communicate securely with certificates, you need three certificates issued by a CA:
1. Root CA certificate
2. Subordinate CA certificate
   Note: CAs that support Simple Certificate Enrollment Protocol (SCEP) may employ a
   registration authority (RA). The CA may include one or more RA certificates with the CA
   certificate.
3. Personal certificate (and keys)
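The three-certificate requirement above, as an added example that is not part of the NETGEAR manual or the client software: a Python check that classifies certificates by the root/subordinate definitions and walks from a personal certificate up to its root. The records, names and the `is_ca` field are constructed assumptions; the code compares issuer and subject names only and does not verify signatures, which real path validation also requires.

```python
# Constructed sample records, not real certificates. "is_ca" stands in for the
# X.509 basicConstraints CA flag; every name here is made up for illustration.
ROOT = {"subject": "CN=Example Root CA", "issuer": "CN=Example Root CA", "is_ca": True}
SUB = {"subject": "CN=Example Issuing CA", "issuer": "CN=Example Root CA", "is_ca": True}
RA = {"subject": "CN=Example RA", "issuer": "CN=Example Issuing CA", "is_ca": False}
USER = {"subject": "CN=vpn-user-01", "issuer": "CN=Example Issuing CA", "is_ca": False}


def role(cert):
    """Classify a certificate using the definitions in the text."""
    if not cert["is_ca"]:
        return "end entity"  # personal and RA certificates are both non-CA
    # A root CA certificate is issued to itself: issuer and subject match.
    return "root CA" if cert["issuer"] == cert["subject"] else "subordinate CA"


def build_chain(personal, bundle):
    """Follow issuer -> subject links from the personal certificate to a root.

    Returns (chain, problem); problem is None when the chain ends at a root CA.
    """
    # Only CA certificates can be chain links; RA certificates delivered in the
    # same bundle are skipped.
    by_subject = {c["subject"]: c for c in bundle if c["is_ca"]}
    chain, seen, current = [personal], {personal["subject"]}, personal
    while role(current) != "root CA":
        issuer = by_subject.get(current["issuer"])
        if issuer is None:
            return chain, "missing CA certificate for issuer: " + current["issuer"]
        if issuer["subject"] in seen:
            return chain, "issuer loop at: " + issuer["subject"]
        chain.append(issuer)
        seen.add(issuer["subject"])
        current = issuer
    return chain, None


def roles(chain):
    """Role of each certificate in the chain, leaf first."""
    return [role(c) for c in chain]


if __name__ == "__main__":
    chain, problem = build_chain(USER, [SUB, RA, ROOT])
    print(roles(chain), problem)
    # Root CA certificate not imported: the chain stops at the subordinate CA.
    print(build_chain(USER, [SUB, RA])[1])
```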
To obtain certificates, you must enroll with a CA. There are two ways to enroll through the client:
• Online enrollment, which uses SCEP. SafeNet recommends this method.
   a. Obtain the CA's certificate server DNS name or IP address to make this request. Follow
      the instructions for the particular CA.
      You can also obtain personal and CA certificates for IPSec through Microsoft Internet
      Explorer or an email program.
      Note: To access the Microsoft CSP, Internet Explorer 5.01 or later must be installed on
      your computer.
   b. Retrieve a CA certificate online.
   c. Request a personal certificate online.