191
CA is used. If needed, the SX-GATE CA and the key for SX-GATE's VPN server will
be initialized, first.
Please read on at
Issue new VPN server certificate
Please read on at
Please read on at
Issue new VPN server certificate
On this screen you have to enter the certificate subject.
CN
If SX-GATE has a static Internet IP address or a certain DNS name, you should supply
it here. Otherwise choose a name which is rather unambiguous.
Subject alternativ names
The certificate subject is a composition of all the data you entered before. You can add
an optional alternative name to the subject. Enter either the DNS name or the Internet
IP of SX-GATE.
It is not necessary to fill something in unless MacOS VPN clients
are used. MacOS clients expect the server certificate to contain
a subject alternative name. It must contain the server address
as configured in the MacOS client.
Key strength
Old systems like e.g. Windows XP before SP3 might only support keys with max. 2048
bit and an SHA1 hash.
Certificate request
Entering this screen, a certificate request will be generated on SX-GATE. You can sign
it now with the CA certificate.
Extended Key Usage: server authentication
It is recommended to enable this option. By default the Windows IPsec client requires
the VPN server certificate to include this "Extended Key Usage" value.