Presentation is loading. Please wait.

Presentation is loading. Please wait.

X. 509 Certificates By: Darren Critchley. What are X.509 Certifiates? They are a method for authenticating an end user of a VPN They can be used for other.

Published byKristopher Dickerson Modified over 8 years ago

Similar presentations

Presentation on theme: "X. 509 Certificates By: Darren Critchley. What are X.509 Certifiates? They are a method for authenticating an end user of a VPN They can be used for other."— Presentation transcript:

1 X. 509 Certificates By: Darren Critchley

2 What are X.509 Certifiates? They are a method for authenticating an end user of a VPN They can be used for other things, but we will focus on VPN usage They are very similar to the SSL Certificates generated for websites They are generated on the NetSentron and Signed by the NetSentron The PREFFERED method of connection VPN's – much more secure Works for Net to Net and RoadWarrior

3 Configure NetSentron to be a Certificate Authority Go to VPN page (We will assume that the VPN setup is already configured) Click on Generate Root/Host Certificates Enter an Organization Name Enter the NetSentron's hostname – it is recommended to put in a fully qualified domain name here (Hostname.Domainname.com) The next four items are optional, but we recommend at least putting in a City and Province Select your Country Click Generate Root/Host Certificates (may take time on slower machines) You should now be back at the VPN page and there should be Certificates showing in the Certificate Authorities section.

4 Create a new VPN Connection for x509 Roadwarrior Follow the directions from the previous section for XP RoadWarrior, but do not choose Pre-Shared Key Select Generate a certificate Enter a user name or hostname – this identifies the certificate The rest of the options marked with a blue dot are optional and some have already been filled in for you Enter a password and confirm it. Remember or write down this password, you will need it later to import the certificate into another machine Click Save After a moments you will be returned to the VPN page, you should see your new connection. It will have two new icons associated with it. The 'i' is for seeing information about the certificate the Blue Floppy Disk is for exporting the certificate

5 Roadwarrior using x509 and the Linsys VPN Client Create a VPN connection for Roadwarrior and generate a certificate Export the certificate Click on the Blue Floppy Disk icon for the certificate you wish to export (Note IE Users may have to right click, save as) The certificate should be exported as a.p12 file type Copy the certificate to your XP Roadwarrior machine Start the Linsys VPN client and configure a VPN connection as explained in the previous sections with the exception of the Authentication Method, choose Certificate instead of PreShared Key Click on the icon next to the word Certificate

6 Click on My Certificates Click on the Green Plus sign Click on the Yellow folder and navigate to where you put the exported certificate from the NetSentron Enter the password that you entered on the NetSentron Click Exportable (checked) Click the Green Arrow, a dialog in a foreign language will pop up, click OK Your imported certificate should now be showing in the list, double click on it You will now be returned to the main Linsys screen, you should see some entries in the text area for the certificate along the lines of C=”CA”, O=” Save your connection and test it.

7 NetSentron to NetSentron Enable remote access to the GUI on the remote NetSentron Generate Host/Root Certificates on both the local and the Remote NetSentrons On each NetSentron we need to export the ROOT and HOST Certificates To export, go to the VPN page Scroll down to Certificate Authorities Click on the Blue Floppy Disk in the Root Certificate (Note: IE users may have to Right Click and Save As) Give the exported Root Certificate a meaningful name, do not take the default cacert.pem (ie HeadOffice_cacert.pem) Click on the Blue Floppy Disk in the Host Certificate (Note: IE users may have to Right Click and Save As) Gice the exported Host Certificate a meaningful name, do not take the default hostcert.pem (ie HeadOffice_hostcert.pem)

8 Once you have the Host and Root Certificates for each NetSentron exported, we can then import them into the respective NetSentrons Go to the VPN page and scroll down to Certificate Authorities Type a name into the CA Name text box that describes the remote NetSentron. Click Browse to find the certificates that we exported previously and select the Root certificate of the remote NetSentron (the one that contains cacert.pem) Click Upload CA Certificate – it will take a few seconds, but when it is done, you should see a new line in the Certificate Authorities section. Repeat this procedure on the Remote NetSentron Configure a Net to Net VPN Configuring a net to net x509 VPN is almost identical to creating a net to net Pre-Shared Key VPN except we don't enter a Pre-Shared Key Under the Authentication section, select Upload a certificate Click Browse to find the certificates that we exported previously and select the Host certificate of the remote NetSentron (the one that contains hostcert.pem) Click Save Repeat the procedure on the Remote NetSentron

Download ppt "X. 509 Certificates By: Darren Critchley. What are X.509 Certifiates? They are a method for authenticating an end user of a VPN They can be used for other."

Similar presentations

E-books and E-journals Off-campus This presentation will show you how to log in and access Oxford Brookes Library e-books and e-journals when youre off.

E-books and E-journals Off-campus This presentation will show you how to log in and access Oxford Brookes Library e-books and e-journals when youre off.
Screenshots with Instructions December 2009. Access UNCPs VCL www.uncp.edu/doit/vcl/ Access UNCPs VCL via DoITs website at the URL above. Instructions.

Screenshots with Instructions December Access UNCPs VCL Access UNCPs VCL via DoITs website at the URL above. Instructions.
Home This training presentation is designed to introduce the Residency Management Suite to new users. This presentation covers the following topics: Login.

Home This training presentation is designed to introduce the Residency Management Suite to new users. This presentation covers the following topics: Login.
X10 hosting Sign up for free account. Enter a domain name click continue Then Enter your email address Enter a password.

X10 hosting Sign up for free account. Enter a domain name click continue Then Enter your address Enter a password.
Editing Your Faculty Homepage  This tutorial will go through the steps for editing your Faculty homepage.  Thank you to Ryan Vyborny for letting me use.

Editing Your Faculty Homepage  This tutorial will go through the steps for editing your Faculty homepage.  Thank you to Ryan Vyborny for letting me use.
OpenCMS and the MSASS Website. A Note on Terminology Locking a file for editing: No lockNOT locked You have write/edit access Someone else has write.

OpenCMS and the MSASS Website. A Note on Terminology Locking a file for editing: No lockNOT locked You have write/edit access Someone else has write.
DAP-1520 FAQ’s Wireless AC750 Dual Band Range Extender.

DAP-1520 FAQ’s Wireless AC750 Dual Band Range Extender.
Downloading, Installing, and Working with Dropbox.

Downloading, Installing, and Working with Dropbox.
XP Road Warrior Connection By: Darren Critchley. What is Road Warrior? Remote client such as a salesperson who needs to connect to the main office LAN.

XP Road Warrior Connection By: Darren Critchley. What is Road Warrior? Remote client such as a salesperson who needs to connect to the main office LAN.
XP Information Technology Center - KFUPM1 Microsoft Office FrontPage 2003 Creating a Web Site.

XP Information Technology Center - KFUPM1 Microsoft Office FrontPage 2003 Creating a Web Site.
Welcome to the Ivy Tech Community College Online Employment System Applicant Tutorial.

Welcome to the Ivy Tech Community College Online Employment System Applicant Tutorial.
TRIRIGA Anywhere 10.4 Beta Registration Steps

TRIRIGA Anywhere 10.4 Beta Registration Steps
Downloading and Installing AutoCAD Architecture 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the software.

Downloading and Installing AutoCAD Architecture 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the software.
Inventory Throughout this slide show there will be hyperlinks (highlighted in blue) follow the hyperlinks to navigate to the specified Topic or Figure.

Inventory Throughout this slide show there will be hyperlinks (highlighted in blue) follow the hyperlinks to navigate to the specified Topic or Figure.
Chapter Accreditation Online System Usage Tutorial Department of Member Relations & Grants National Children’s Alliance.

Chapter Accreditation Online System Usage Tutorial Department of Member Relations & Grants National Children’s Alliance.
1 The VPN Menu. 2 The VPN Menu VPN The GD eSeries can be set up either as an OpenVPN server or as a client, and even play both roles at the same time,

1 The VPN Menu. 2 The VPN Menu VPN The GD eSeries can be set up either as an OpenVPN server or as a client, and even play both roles at the same time,
Office 2003 Advanced Concepts and Techniques M i c r o s o f t Outlook Project 2 Scheduling Management and Instant Messaging Using Outlook.

Office 2003 Advanced Concepts and Techniques M i c r o s o f t Outlook Project 2 Scheduling Management and Instant Messaging Using Outlook.
Step 1 - Start your PC and place your Windows XP CD in your CD/DVD- ROM drive. Your PC should automatically detect the CD and you will get a message saying.

Step 1 - Start your PC and place your Windows XP CD in your CD/DVD- ROM drive. Your PC should automatically detect the CD and you will get a message saying.
Connecting to Secure Wi-Fi in QSB Boardroom Locations 01 September 2013.

Connecting to Secure Wi-Fi in QSB Boardroom Locations 01 September 2013.
Welcome to the Southeastern Louisiana University’s Online Employment Site Applicant Tutorial!

Welcome to the Southeastern Louisiana University’s Online Employment Site Applicant Tutorial!

Similar presentations

Ads by Google