Transmit Private Key and Certificate to User
Transmit the client certificate and the pass phrase protected private key to the user in a secure
manner. Never send the password phrase in an e-mail message.
The user will then need to import the received client certificate into his or her Web browser or
e-mail program. For more information about importing certificates, refer to the help system of
the destination Web browser or e-mail program.
Managing Revocation of Client Certificates
Certificate revocation lists (CRLs) are maintained by certificate authorities to recall client
certificates that are no longer considered trustworthy. The reasons for this can be that the client
certificate may have been issued by mistake, or that the subject accidentally has revealed the
private key.
By keeping a certificate revocation list on your SSL server, client certificates sent to the server
are checked against the CRL. If a match is found, the SSL session is terminated. This mode
of operation requires, first of all, that you have configured the virtual SSL server to always
require client certificates. (For more information, see
Configure a Virtual SSL Server to Require
a Client Certificate
on page 101). You must also regularly check with the certificate authorities
you trust for their latest CRLs.
Moreover, if you take on the role of a certificate authority by issuing your own client certificates,
you will also need to maintain your own certificate revocation lists. This can be done by listing
the serial numbers of the client certificates you want to revoke in an ASCII file. You may also
specify the serial number of a particular client certificate directly in the command line interface
by using the add command in the Revocation menu.
Revoking Client Certificates Issued by an External CA
1. Specify the CA certificate, to which you want to add a CRL.
The certificate you specify must be a CA certificate from the same certificate
authority that published the CRL you are about to add. To view basic information
about available certificates, use the
/info/certs
command.
>> Main#
cfg/cert
Enter certificate number: (1-)
1
(example)
Certificates and Client Authentication
108 User Guide
April 2013
Comments? [email protected]
Summary of Contents for 3050-VM
Page 1: ...User Guide Avaya VPN Gateway Release 9 0 NN46120 104 Issue 04 04 April 2013 ...
Page 4: ...4 User Guide April 2013 Comments infodev avaya com ...
Page 12: ...12 User Guide April 2013 ...
Page 20: ...New in this release 20 User Guide April 2013 Comments infodev avaya com ...
Page 30: ...Introducing the VPN Gateway 30 User Guide April 2013 Comments infodev avaya com ...
Page 36: ...Introducing the ASA 310 FIPS 36 User Guide April 2013 Comments infodev avaya com ...
Page 74: ...Upgrading the AVG Software 74 User Guide April 2013 Comments infodev avaya com ...
Page 86: ...Managing Users and Groups 86 User Guide April 2013 Comments infodev avaya com ...
Page 130: ...The Command Line Interface 130 User Guide April 2013 Comments infodev avaya com ...
Page 162: ...Supported Ciphers 162 User Guide April 2013 Comments infodev avaya com ...
Page 212: ...Syslog Messages 212 User Guide April 2013 Comments infodev avaya com ...
Page 242: ...Definition of Key Codes 242 User Guide April 2013 Comments infodev avaya com ...
Page 259: ...Creating a Port Forwarder Authenticator User Guide April 2013 259 ...
Page 266: ...Using the Port Forwarder API 266 User Guide April 2013 Comments infodev avaya com ...
Page 274: ...X 509 274 User Guide April 2013 Comments infodev avaya com ...