Cisco OL-5490-01 User's Guide Page 49

VPN Client User Guide for Mac OS X
OL-5490-01
Chapter 4 Configuring Connection Entries
Authentication Methods
Figure 4-4 Certificate Authentication
Step 2 Select a certificate from the Name drop-down menu.
If the Name field displays No Certificates Installed, you must first enroll or import a certificate before
you can use this feature. See the “Enrolling Certificates” section on page 6-2 or “Importing a Certificate”
section on page 6-7 for more information.
Step 3 To send CA certificate chains, check the Send CA Certificate Chain check box. This parameter is
disabled by default.
A CA certificate chain includes all CA certificates in the certificate hierarchy, starting from the root certificate.
The chain must be installed on the VPN Client so that each certificate can be identified. Sending the chain enables a peer VPN
Concentrator to trust the VPN Client's identity certificate when both share the same root certificate, without having
the same subordinate CA certificates actually installed.
The following is an example of a certificate chain:
On the VPN Client, you have this chain in the certificate hierarchy:
a. Root Certificate
b. CA Certificate 1
c. CA Certificate 2
d. Identity Certificate
On the VPN Concentrator, you have this chain in the certificate hierarchy:
a. Root Certificate
b. CA Certificate
c. Identity Certificate
Though the identity certificates are issued by different CA certificates, the VPN device can still trust the
VPN Client's identity certificate, because it has received the chain of certificates installed on the VPN
Client PC.
This feature provides flexibility because the intermediate CA certificates do not need to be installed on
the peer.
Step 4 Click Save. The Connection Entry dialog box closes and you return to the Connection Entries tab.
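The effect of the Send CA Certificate Chain option in Step 3 can be reproduced offline with the openssl command-line tool. This is an added example, not part of the Cisco guide: it builds the client-side hierarchy listed above from throwaway keys, then validates the identity certificate against a peer that trusts only the root, first without and then with the intermediate CA certificates supplied. The file names, the `issue` helper and the simplification that the peer holds only the root are assumptions.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is throwaway test material.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF

# issue NAME SUBJECT ISSUER EXT_SECTION: new key plus a certificate signed by ISSUER
issue() {
  openssl req -new -config "$d/x.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/$1.key" -out "$d/$1.csr" -subj "/CN=$2" 2>/dev/null &&
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
    -set_serial 1 -days 1 -extfile "$d/x.cnf" -extensions "$4" \
    -out "$d/$1.pem" 2>/dev/null
}

# Client-side hierarchy from the guide: Root -> CA 1 -> CA 2 -> Identity
openssl req -x509 -config "$d/x.cnf" -extensions ca -newkey rsa:2048 -nodes \
  -keyout "$d/root.key" -out "$d/root.pem" -subj "/CN=Root Certificate" \
  -days 1 2>/dev/null
issue ca1 "CA Certificate 1" root ca
issue ca2 "CA Certificate 2" ca1 ca
issue id "Identity Certificate" ca2 leaf

# Peer has only the root installed and the client sent no chain.
verify_root_only() {
  openssl verify -CAfile "$d/root.pem" "$d/id.pem" >/dev/null 2>&1
}

# Same trust store, but the client also sent CA Certificate 1 and 2.
# -untrusted certificates are path-building candidates, not trust anchors.
verify_with_chain() {
  cat "$d/ca1.pem" "$d/ca2.pem" > "$d/chain.pem"
  openssl verify -CAfile "$d/root.pem" -untrusted "$d/chain.pem" \
    "$d/id.pem" >/dev/null 2>&1
}

verify_root_only && echo "root only: trusted" || echo "root only: rejected"
verify_with_chain && echo "with chain: trusted" || echo "with chain: rejected"
```

The sent intermediates are only used to build a path; trust still comes from the root the peer already holds, so a chain that does not terminate at that root is rejected.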