NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] CA & IKE



After finish all the step below
I use user certicate to logon

the error say
user cn=test,o=abc,c=us is unknow

How do the fw know what certificate for what user?

Also, there is no where in the FW workstation, user, or CA property
say that it should point to the CA server by IP address to get the user
certificate

Can any body help clear this?


-----Original Message-----
From: Emmanuel Bailleul [mailto:[email protected]]
Sent: Wednesday, January 31, 2001 1:34 AM
To: 'MIS'; FW1 mailinglist
Subject: RE: [FW1] CA & IKE


Didn't try yet but it should.
After you have setup your Win2K CA server :
1. Create a CA server in your fw
2. Generate a certificate request for your fw object (manage network objects
-> your_fw_object, in the certificate tab)
3. Install the generated certificate for the fw
4. Generate a user certificate and create a pkcs12 export of it
5. Import it in securemote (certificates -> import). This will create an
entrust profile (.epf file)
6. Last but not the least, don't forget to have your crl server online (LDAP
or HTTP) as fw-1 will not accept securemote connections if you don't have
one (even if the list is empty ...).
7. Update site in SR

This works with pki other than entrust (baltimore, RSA Keon) and even with
non opsec ones (OpenSSL). For the latter, this is a little bit more tricky
as you have to use HTTP-based crl server and so you have to  create all your
client certificates with the CRLdistributionPoint extension in it.

Emmanuel Bailleul
Ascom Adilan SA
Parc des Glaisins
14, Rue du Pré-Paillard
74940 ANNECY-LE-VIEUX
Tel. +33 (0)4 50 64 02 49
Fax. +33 (0)4 50 64 09 98
WEB: http://www.adilan.fr

"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème" - Devise
Shadock

-----Message d'origine-----
De: MIS [mailto:[email protected]]
Date: mardi 30 janvier 2001 20:45
À: FW1 mailinglist
Objet: [FW1] CA & IKE



Can Win2k CA be use to issue certificate for SecuRemote IKE encryption?
If yes, any procedure how to set it up?

Thanks in advance


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.