User's Manual
Table Of Contents
- Reference Manual for the NETGEAR ProSafe VPN Client
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Installation
- Chapter 4 Configuring L2TP Connections
- Chapter 5 Using the Security Policy Editor
- What is the Security Policy Editor?
- Basic Steps to Configure a Security Policy
- How to Secure All Connections
- How to Configure Global Policy Settings
- How to Configure Other Connections
- How to Add and Configure a Connection
- How to Enter a Preshared Key
- How to Configure a Gateway
- Configure My Identity
- Configure Security Policy Connection Options
- Configure Authentication (Phase 1)
- Configure Key Exchange (Phase 2)
- Edit a Distinguished Name
- Configure and Manage Connections
- Manage Proposals
- Manage Redundant Gateways
- Manage the Security Policy
- Chapter 6 Using the Certificate Manager
- What is the Certificate Manager?
- Obtain Certificates
- With Online (SCEP) Enrollment
- CAs that Support SCEP
- Retrieve a CA Certificate Online
- Configure a CA Certificate
- Use an HTTP Proxy Server for Online Certificate Requests and CRL Updates
- Import a CA Certificate
- Select a CSP
- Request a Personal Certificate
- Define How Often to Check for and Retrieve New Personal Certificates
- Retrieve a Personal Certificate Manually
- Manage Certificate Requests
- With Manual (File-Based) Enrollment
- Obtain Certificates Through Internet Explorer
- With Online (SCEP) Enrollment
- Manage Certificates
- Manage Certificate Revocation Lists (CRLs)
- Manage the Trust Policy
- Chapter 7 Using Sessions
- Chapter 8 Distributing Customized Profiles
- Chapter 9 Troubleshooting
- Appendix A Networks, Routing, and Firewall Basics
- Appendix B Virtual Private Networking
- Appendix C NETGEAR ProSafe VPN Client to NETGEAR FVS318 or FVM318 VPN Routers
- Appendix D NETGEAR VPN Client to NETGEAR FVL328 or FWAG114 VPN Router
- Glossary
- Index
Reference Manual for the NETGEAR ProSafe VPN Client
6-14 Using the Certificate Manager
202-10015-01
In the Key Generation Options group, specify whether the private key associated with the
personal certificate you're requesting can be exported to, for example, transfer it to another
computer or make a backup copy. By default, the private key cannot be exported; the
Generate exportable key check box is clear. To make the key exportable, select the Generate
exportable key check box.
7. To select the CSP or assign the default CSP, click Advanced.
8. Click OK.
• For online certificate requests only: This submits your request. The Key Generation
message box opens while the client generates a public/private key pair, and then closes.
The Online Certificate Request message box opens when the client submits your
request.
When the CA receives (accepts) your request, a confirmation message may open; click
OK.
It may take some time for the CA to approve your request. The client checks the CA at a
defined interval for approved personal certificates to retrieve. To change this polling
interval, go to Define how often to check for personal certificates to retrieve.
• For file-based certificate requests only: When a message box opens confirming that the
certificate request file was created, click OK.
To find out how to send the certificate request file to the CA and receive the certificate file
when the CA returns it; this process varies with each CA, contact the specific CA.
Create a Personal Certificate File to Import
After you create and manually submit a personal certificate request file to a CA, and the CA
approves the request, this CA returns a certificate to you in an email. You must create a certificate
file from the email so that you can Import the personal certificate to the Certificate Manager.
The certificate request approval process varies with each CA. This is an example of the typical
process:
1. Submit the personal certificate request file you created, CertReq.req, to the CA, according to
the instructions the CA or your network security administrator provides.
When the CA approves your certificate request, it sends you an email that contains the
certificate.
This is a sample email returned by the CA: