Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] CA & IKE

To: "'MIS'" <[email protected]>, FW1 mailinglist <[email protected]>
Subject: RE: [FW1] CA & IKE
From: Emmanuel Bailleul <[email protected]>
Date: Wed, 31 Jan 2001 09:33:38 +0100
Sender: [email protected]

Didn't try yet but it should.
After you have setup your Win2K CA server :
1. Create a CA server in your fw
2. Generate a certificate request for your fw object (manage network objects
-> your_fw_object, in the certificate tab)
3. Install the generated certificate for the fw
4. Generate a user certificate and create a pkcs12 export of it
5. Import it in securemote (certificates -> import). This will create an
entrust profile (.epf file)
6. Last but not the least, don't forget to have your crl server online (LDAP
or HTTP) as fw-1 will not accept securemote connections if you don't have
one (even if the list is empty ...).
7. Update site in SR

This works with pki other than entrust (baltimore, RSA Keon) and even with
non opsec ones (OpenSSL). For the latter, this is a little bit more tricky
as you have to use HTTP-based crl server and so you have to  create all your
client certificates with the CRLdistributionPoint extension in it.

Emmanuel Bailleul
Ascom Adilan SA
Parc des Glaisins
14, Rue du Pré-Paillard
74940 ANNECY-LE-VIEUX
Tel. +33 (0)4 50 64 02 49
Fax. +33 (0)4 50 64 09 98
WEB: http://www.adilan.fr

"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème" - Devise
Shadock

-----Message d'origine-----
De: MIS [mailto:[email protected]]
Date: mardi 30 janvier 2001 20:45
À: FW1 mailinglist
Objet: [FW1] CA & IKE 



Can Win2k CA be use to issue certificate for SecuRemote IKE encryption?
If yes, any procedure how to set it up?

Thanks in advance 


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Ident authentication?
Next by Date: Re: [FW1] Rulebase - export to a text file or excel ?
Previous by thread: [FW1] CA & IKE
Next by thread: [FW1] VPN-1 and SecuRemote
Index(es):
- Date
- Thread