Administration
Managing Certificates for Authentication
Cisco SA 500 Series Security Appliances Administration Guide
- Notification (level 5): Normal but significant condition. Syslog definition is LOG_NOTICE.
- Information (level 6): Informational messages only. Syslog definition is LOG_INFO.
- Debugging (level 7): Debugging messages. Syslog definition is LOG_DEBUG.
For example: If you select Critical, all messages listed under the Critical,
Emergency, and Alert categories are logged.
• Logs Facility: Choose the type of facility from which to generate logs:
Kernel, System, Wireless, IPS, ProtectLink, VPN, Firewall or Network. For a
description of the facilities, see View All Logs, page 46.
STEP 3 Check the box for each event that you want to display in the local log or to send to
the syslog server.
STEP 4 Click Apply to save your settings, or click Reset to revert to the saved settings.
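The severity threshold described above can be checked from the syslog server side. The following is an added example, not part of the Cisco guide: it assumes the appliance sends the standard syslog `<PRI>` prefix (facility × 8 + severity), the sample lines are constructed, and the names used for levels 3 and 4 are the generic syslog ones rather than labels taken from this page.

```python
import re

# Severity names indexed by numeric level. Levels 0-2 and 5-7 use the labels
# from the guide; "Error" and "Warning" (3, 4) are generic syslog names (assumption).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notification", "Information", "Debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def decode(line):
    """Split a raw syslog line into (facility, severity, message)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or invalid PRI: %r" % line[:20])
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, severity, m.group(2)


def passes(line, threshold):
    """True if the message is at least as severe as the selected level."""
    _, severity, _ = decode(line)
    # Lower number = more severe, so "Critical" admits levels 0, 1 and 2.
    return severity <= SEVERITIES.index(threshold)


def unexpected(lines, threshold):
    """Messages the collector should not receive if the threshold is honoured."""
    return [line for line in lines if not passes(line, threshold)]


# Constructed sample lines (not real appliance output).
SAMPLE = [
    "<0>Jan  1 00:00:01 gw kernel: constructed emergency message",
    "<1>Jan  1 00:00:02 gw kernel: constructed alert message",
    "<2>Jan  1 00:00:03 gw kernel: constructed critical message",
    "<133>Jan  1 00:00:04 gw app: constructed notice message",
    "<30>Jan  1 00:00:05 gw app: constructed informational message",
]

if __name__ == "__main__":
    for line in SAMPLE:
        facility, severity, _ = decode(line)
        print(facility, SEVERITIES[severity], passes(line, "Critical"))
    print(len(unexpected(SAMPLE, "Critical")), "messages below the Critical threshold")
```
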
Managing Certificates for Authentication
Digital Certificates (also known as X.509 Certificates) are used to authenticate the
identity of users and systems, and are issued by Certification Authorities (CAs)
such as VeriSign, Thawte and other organizations. Digital Certificates are used by
this router during the Internet Key Exchange (IKE) authentication phase to
authenticate connecting VPN gateways or clients, or to be authenticated by
remote entities.
• Trusted Certificates (CA Certificate): Trusted Certificates or CA
certificates are used to verify the validity of certificates signed by them.
When a certificate is generated, it is signed by a trusted organization or
authority called the Certificate Authority. The table contains the certificates
of each CA. When a remote VPN gateway or client presents a digital
certificate, the authentication process verifies that the presented certificate
is issued by one of the trusted authorities. The Trusted CA certificates are
used in this authentication process.
• Active Self Certificates: This table lists the certificates issued to you by
trusted Certification Authorities (CAs), and available for presentation to
remote IKE servers. The remote IKE server validates this router using these
certificates. The certificate authority (CA) requires the contents of the self