User's Manual
Table Of Contents
- Reference Manual for the NETGEAR ProSafe VPN Client
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Installation
- Chapter 4 Configuring L2TP Connections
- Chapter 5 Using the Security Policy Editor
- What is the Security Policy Editor?
- Basic Steps to Configure a Security Policy
- How to Secure All Connections
- How to Configure Global Policy Settings
- How to Configure Other Connections
- How to Add and Configure a Connection
- How to Enter a Preshared Key
- How to Configure a Gateway
- Configure My Identity
- Configure Security Policy Connection Options
- Configure Authentication (Phase 1)
- Configure Key Exchange (Phase 2)
- Edit a Distinguished Name
- Configure and Manage Connections
- Manage Proposals
- Manage Redundant Gateways
- Manage the Security Policy
- Chapter 6 Using the Certificate Manager
- What is the Certificate Manager?
- Obtain Certificates
- With Online (SCEP) Enrollment
- CAs that Support SCEP
- Retrieve a CA Certificate Online
- Configure a CA Certificate
- Use an HTTP Proxy Server for Online Certificate Requests and CRL Updates
- Import a CA Certificate
- Select a CSP
- Request a Personal Certificate
- Define How Often to Check for and Retrieve New Personal Certificates
- Retrieve a Personal Certificate Manually
- Manage Certificate Requests
- With Manual (File-Based) Enrollment
- Obtain Certificates Through Internet Explorer
- With Online (SCEP) Enrollment
- Manage Certificates
- Manage Certificate Revocation Lists (CRLs)
- Manage the Trust Policy
- Chapter 7 Using Sessions
- Chapter 8 Distributing Customized Profiles
- Chapter 9 Troubleshooting
- Appendix A Networks, Routing, and Firewall Basics
- Appendix B Virtual Private Networking
- Appendix C NETGEAR ProSafe VPN Client to NETGEAR FVS318 or FVM318 VPN Routers
- Appendix D NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
- Glossary
- Index
Reference Manual for the NETGEAR ProSafe VPN Client
6-6 Using the Certificate Manager
202-10015-01
6.
Click OK. In a few seconds, the Root or CA Certificate Store dialog box opens and prompts
you to add the CA certificate to the client's root or CA store, according to the type of CA
certificate you retrieved.
7. Click Yes. The certificate displays on the appropriate tab, Root CA Certificates or CA
Certificates, in the Certificate Manager. If the retrieved CA certificate included RA
certificates, these display on the RA Certificates tab.
Configure a CA Certificate
If you did not request your CA certificate online, but the CA you requested it from supports SCEP,
before you can request a personal certificate online—that is, through SCEP enrollment—you must
change this CA certificate's parameters to make it appear as if you requested it online. When the
client is managed by a policy management application, the CA certificate may need to be
configured, too.
For root CA certificates, you can also specify whether the certificate is trusted for IP security
(IPSec).
1. In Certificate Manager, click the tab for the specific certificate type:
• For a root CA certificate, Root CA Certificates
• For a subordinate CA certificate, CA Certificates
2. On this tab, click the certificate to configure.
3. Click Configure. The Configuration Parameters dialog box opens.
4. In the CA Domain box, type the CA's domain name, such as alphabeta.com.
5. In the Online Certificate Server box, type the complete URL, including the schema, such as
http://, of the CA's certificate server.
6. For Root CA certificates only: To specify that this certificate is trusted for IPSec
communications, select the Trust this certificate for IP security check box.
The next time you view or verify this certificate, for Enh KeyUsage, IP security end system
appears as the value.
7. Click OK.
Use an HTTP Proxy Server for Online Certificate Requests and CRL Updates
These blocks of IP addresses are reserved for private use by the Internet Assigned Numbers
Authority (IANA):