
Re: [FW-1] Client Auth with SSL


  • To: [email protected]
  • Subject: Re: [FW-1] Client Auth with SSL
  • From: "Grabowski, David" <[email protected]>
  • Date: Tue, 5 Mar 2002 13:15:28 -0500
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcHEbeUfGo08G7rnSGuJ7TcBdsuhQQAA4DVw
  • Thread-topic: Re: [FW-1] Client Auth with SSL

At the time that I originally implemented this (almost 2 years ago), it
wasn't documented anywhere. I just stumbled upon it when tweaking around
and reading thru some CP KB articles that referred to how to get the
webserver to talk SSL when acting as a proxy (or something like that).
The epiphany occurred at just the point you mention -- putting both
"ssl" and the cert name together.

I don't know if this will work with NG or not -- never tried it. Works
like a champ under 4.1.

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: Tuesday, March 05, 2002 12:51 PM
To: [email protected]
Subject: Re: [FW-1] Client Auth with SSL


> 1. Define the root CA in your firewall policy (install the root
> certificate)
> 2. Create a certificate request for your firewall using that CA within
> the policy editor
> 3. Have the CA generate a certificate
> 4. Install the certificate in the firewall policy
This under NG and I believe I can use the predefined objects for this.

> 5. Edit fwauthd.conf so that it has a line like this (assuming port 443
> for ssl)
>
> 443       in.ahclientd      ssl:CertName  (whatever you named the cert
> in the firewall policy in step 2)
AHHH! I tried just ssl and that did not work. I also tried the CertName
but that did not work. I never tried combining them.

May I ask where this is documented? I have not been doing a terribly good
job at finding documentation recently.

Thanks for the help,
-don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
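
A checker for the fwauthd.conf line in step 5, added here as an example (it is not from the thread and is not Check Point code): it scans the file text for in.ahclientd entries and reports whether each carries the combined `ssl:CertName` argument or one of the two variants the thread reports as not working. The whitespace-separated field layout, `#` comment handling, the function name and the sample lines are assumptions.

```python
import re

# Constructed sample, not taken from a real firewall. Assumed layout:
# port, daemon name, then arguments, whitespace-separated; '#' starts a comment.
SAMPLE = """\
# constructed fwauthd.conf fragment
443    in.ahclientd    ssl:CertName
8443   in.ahclientd    ssl
9443   in.ahclientd    CertName
"""

# The combined form from the thread: literal "ssl", a colon, then the cert name.
SSL_ARG = re.compile(r"^ssl:(\S+)$")


def check_client_auth_ssl(text, daemon="in.ahclientd"):
    """Return (line_no, port, status, detail) for each client-auth entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[1] != daemon:
            continue  # some other daemon, not checked here
        port, args = fields[0], fields[2:]
        certs = [m.group(1) for a in args if (m := SSL_ARG.match(a))]
        if certs:
            # "ssl" and the certificate name joined in one argument
            findings.append((line_no, port, "ok", certs[0]))
        elif any(a.lower().rstrip(":") == "ssl" for a in args):
            # "ssl" alone, with no certificate name attached
            findings.append((line_no, port, "ssl-without-cert", ""))
        else:
            # no ssl argument at all (for example only the cert name)
            findings.append((line_no, port, "no-ssl-argument", " ".join(args)))
    return findings


if __name__ == "__main__":
    for finding in check_client_auth_ssl(SAMPLE):
        print(finding)
```

The certificate name reported for an "ok" entry still has to be compared by hand with the name given to the certificate in the firewall policy in step 2.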
   All contents © 2004 Network Presence, LLC. All rights reserved.