Reference Manual for the NETGEAR ProSafe VPN Client
6-26 Using the Certificate Manager
202-10015-01
Manage Certificate Revocation Lists (CRLs)
A certificate revocation list (CRL) is a list of certificates that the issuing CA rescinded before their
expiration dates. This may occur when, for example, a user's name or address changes or the user
leaves the company. When you retrieve or import a certificate from a CA, it typically contains a
CRL. If it doesn't, you can import one. You can view a CRL on the CRLs tab in the Certificate
Manager.
The client can periodically poll, or check for, CA CRL distribution sites and then retrieve the latest
CRLs. You must define the site and polling interval.
1. In the Certificate Manager, view a personal certificate.
2. On the certificate, if the CRL Dist. Point entry contains a URL, jot down what precedes the
:// in the URL: http, file, or ldap.
3. In the Security Policy Editor, click Options>Certificate Settings. The Certificate Settings
dialog box opens.
4. The CRL Dist. Point entry on the personal certificate you just viewed determines your next
step:
• If there was no CRL Dist. Point entry, clear the Enable automatic CRL retrieval check
box.
• If the CRL Dist. Point entry contained a URL, take these steps:
– Select the Enable automatic CRL retrieval check box.
– In the CRL retrieval interval (hours) box, specify how often the client checks for
and retrieves new CRLs from the CA; type the number of hours, from 1 through 24,
between these checks. The default is 24 hours.
– The URL's scheme name determines whether you must complete the Default LDAP
Server for CRLs box:
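
The check in steps 2 and 4 above can also be made outside the GUI. The following is an added example, not part of the NETGEAR manual or client: it assumes the CRL Dist. Point entry shows the certificate's X.509 CRL Distribution Points extension (OID 2.5.29.31), reads that extension from DER bytes with the Python standard library, and returns the URL scheme, the check box state and the interval the steps call for. The function names, the byte-search shortcut and the example.com URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit

CDP_OID = bytes.fromhex("0603551d1f")  # DER of OID 2.5.29.31 (cRLDistributionPoints)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def collect_uris(buf, pos, end, out):
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos)
        if tag == 0x86:  # GeneralName uniformResourceIdentifier, context tag [6]
            out.append(buf[vs:ve].decode("ascii"))
        elif tag & 0x20 and tag != 0xA2:  # descend, but skip cRLIssuer [2]
            collect_uris(buf, vs, ve, out)
        pos = ve
    return out

def crl_dist_points(der):
    """URIs in the CRL Distribution Points extension; [] when it is absent."""
    i = der.find(CDP_OID)  # simplification: byte search, not a full certificate parse
    if i < 0:
        return []
    tag, vs, ve = read_tlv(der, i + len(CDP_OID))
    if tag == 0x01:  # optional 'critical' BOOLEAN comes before the value
        tag, vs, ve = read_tlv(der, ve)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING extnValue")
    return collect_uris(der, vs, ve, [])

def certificate_settings(der, interval_hours=24):
    """Map the CRL Dist. Point entry onto the settings described in steps 2 and 4."""
    if not 1 <= interval_hours <= 24:
        raise ValueError("CRL retrieval interval must be 1 through 24 hours")
    uris = crl_dist_points(der)
    return {"auto_retrieval": bool(uris), "interval_hours": interval_hours if uris else None,
            "schemes": sorted({urlsplit(u).scheme.lower() for u in uris})}

def tlv(tag, payload):  # sample helper: one short-form DER element (payload < 128 bytes)
    return bytes([tag, len(payload)]) + payload

# Constructed sample: a lone CDP extension carrying one hypothetical LDAP URL.
URI = b"ldap://ldap.example.com/cn=ExampleCA?certificateRevocationList"
SAMPLE_EXT = tlv(0x30, CDP_OID + tlv(0x04, tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, URI)))))))
```

For a real certificate, pass its DER bytes (not PEM text) to `certificate_settings`.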