Local Keys. Novell Security Manager Powered by Astaro

Add to My manuals
292 Pages

advertisement

Local Keys. Novell Security Manager Powered by Astaro  | Manualzz

Using Novell Security Manager

4.7.3. Local Keys

The Local Keys menu allows an administrator to manage local X.509 certificates, to define the local IPSec identifier, and to generate a local RSA key pair.

Local IPSec X.509 Key

In this window, you can define local keys for X.509 certificates provided you have already generated these certificates in the IPSec VPN/CA Man-

agement menu. Chapter 4.7.6 on page 241 describes the process of generating X.509 certificates.

Local Certificate: Select here the certificate for the X.509 authentication

This menu only contains those certificates for which the associated private

key is available.

Passphrase: In the entry field, enter the password used to secure the private key.

The Active Key will appear with its name in the Local IPSec X.509 Key window. If you choose a new local key, the old key will automatically be replaced.

Novell Security Manager will use the ID and public/private key pair of the current Local X.509 Key to identify, authenticate, and encrypt X.509

IPSec key exchanges.

RSA Authentication

For the authentication via RSA each side of the connection requires a key pair consisting of a Public Key and a Private Key. The key pair is created in two steps in the Local IPSec RSA Key window: First, the Local IPSec

Identifier is defined and then the key pair generated.

1. In the Local IPSec RSA Key window, define a unique VPN

Identifier.

IPv4 Address: For static IP addresses.

Hostname: For VPN security gateways with dynamic addresses.

E-Mail Address: For mobile (road warrior) connections.

Save the settings by clicking Save.

235

Using Novell Security Manager

2. Generate a new RSA Key, by selecting the key length from the RSA

Key Length drop-down menu.

Important Note:

The key length must be identical on both Security Managers.

Depending on the selected key length and the processor of the security solution, the generation of RSA keys can take several minutes.

3. When you click Save, the system will begin generating a new RSA key pair.

Then the active Public Key will be displayed in the Local Public RSA Key window. The Public Key from this window will be exchanged with the respective end point, e.g. via e-mail.

The Public Key from the endpoint will be entered later into the Remote

Keys menu in the Public Key window. The Remote Keys menu is described in chapter 4.7.4 on page 237.

PSK Authentication

For authentication through Preshared Keys (PSK), in this menu no additional configuration for the local IPSec key is required!

During the key exchange using IKE Main Mode, only IPv4 Addresses are supported as IPSec identifiers. The IPSec identifier in the IKE Main Mode is automatically encrypted with the PSK, and so PSK cannot be used for authentication. The IP addresses of IKE connections are automatically used as

IPSec identifiers.

You generate the PSK Key in the IPSec VPN/Remote Keys menu. It will automatically be used as the Local PSK Key as well.

236

advertisement

Related manuals

Download PDF

advertisement

Table of contents