Managing certificates on Soft-PK
4-6
Installing and Working with Soft-PK
Managing
certificates on
Soft-PK
If you are using digital certificate authentication in your VPN, you
should provide your end users with the information and files needed
to set up the necessary certificates on their Soft-PK client. This section
provides a basic overview of what you need to do and includes (or
provides cross-reference to) the appropriate procedures.
IMPORTANT:
The firewall self-signed or CA root certificate should always be present on
the Soft-PK client before configuring the client certificate.
Setting up Sidewinder self-signed certificates
If you are using Sidewinder self-signed digital certificates, as
administrator, do the following.
1.
If not already done, create and export a firewall certificate. See "Creating
& exporting a firewall certificate" on page 3-4 for details.
Note:
You must have the firewall certificate configured in the Soft-PK system before you
import the personal certificate.
2.
If not already done for each end user, create and export a remote
certificate and convert to PKCS12. See "Creating & exporting remote
certificate(s)" on page 3-6 for details.
3.
Provide instructions for importing the self-signed firewall certificate. A
copy of this procedure is provided in this chapter, see "Importing a CA
root or self-signed firewall certificate into Soft-PK" on page 4-9 and
included in the
UserWorksheet.doc
file.
4.
Provide instructions for importing the self-signed personal certificate. A
copy of this procedure is provided in this chapter, see "Importing a
personal certificate into Soft-PK" on page 4-11 and included in the
UserWorksheet.doc
file.