Using Novell Security Manager
4.7.3. Local Keys
The Local Keys menu allows an administrator to manage local X.509 certificates, to define the local IPSec identifier, and to generate a local RSA key pair.
Local IPSec X.509 Key
In this window, you can define local keys for X.509 certificates provided you have already generated these certificates in the IPSec VPN/CA Management menu. Chapter 4.7.6 on page 241 describes the process of generating X.509 certificates.
Local Certificate: Select the certificate for X.509 authentication. This menu only contains those certificates for which the associated private key is available.
Passphrase: In the entry field, enter the password used to secure the private key.
The Active Key will appear with its name in the Local IPSec X.509 Key window. If you choose a new local key, the old key will automatically be replaced.
Novell Security Manager will use the ID and public/private key pair of the current Local X.509 Key to identify, authenticate, and encrypt X.509 IPSec key exchanges.
RSA Authentication
For authentication via RSA, each side of the connection requires a key pair consisting of a Public Key and a Private Key. The key pair is created in two steps in the Local IPSec RSA Key window: first, the Local IPSec Identifier is defined, and then the key pair is generated.
1. In the Local IPSec RSA Key window, define a unique VPN Identifier.
IPv4 Address: For static IP addresses.
Hostname: For VPN security gateways with dynamic addresses.
E-Mail Address: For mobile (road warrior) connections.
Save the settings by clicking Save.
2. Generate a new RSA key by selecting the key length from the RSA Key Length drop-down menu.
Important Note:
The key length must be identical on both Security Managers.
Depending on the selected key length and the processor of the security solution, the generation of RSA keys can take several minutes.
3. When you click Save, the system will begin generating a new RSA key pair.
Then the active Public Key will be displayed in the Local Public RSA Key window. The Public Key from this window will be exchanged with the respective end point, e.g. via e-mail.
The Public Key from the endpoint will be entered later into the Remote Keys menu in the Public Key window. The Remote Keys menu is described in chapter 4.7.4 on page 237.
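A check that can be run on a public key received by e-mail before it is entered in the Remote Keys menu (an added example, not part of the manual or the product). It assumes the key is displayed as a "0s"-prefixed base64 blob in the RFC 3110 layout, which the manual does not state; the function names, the out-of-band fingerprint comparison and the sample key are constructed for illustration.

```python
import base64, hashlib, hmac

def parse_pubkey(text):
    """Decode a '0s'-prefixed base64 RFC 3110 RSA key (assumed format)."""
    blob = "".join(text.split())            # undo e-mail line wrapping
    if not blob.startswith("0s"):
        raise ValueError("not a 0s-prefixed base64 key")
    raw = base64.b64decode(blob[2:], validate=True)
    if len(raw) < 4:
        raise ValueError("key blob too short")
    elen, off = raw[0], 1
    if elen == 0:                           # long form: 2-byte exponent length
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    if exponent < 3 or modulus == 0:
        raise ValueError("malformed exponent or modulus")
    return raw, exponent, modulus

def fingerprint(text):
    """SHA-256 over the decoded key bytes, independent of line wrapping."""
    return hashlib.sha256(parse_pubkey(text)[0]).hexdigest()

def check_remote_key(received, expected_fp, local_bits):
    """Return a list of problems; an empty list means the key may be entered."""
    try:
        raw, _, modulus = parse_pubkey(received)
    except ValueError as exc:
        return [f"unparseable key: {exc}"]
    problems = []
    if modulus.bit_length() != local_bits:  # lengths must match on both sides
        problems.append(f"key length {modulus.bit_length()} != local {local_bits}")
    if not hmac.compare_digest(hashlib.sha256(raw).hexdigest(), expected_fp):
        problems.append("fingerprint differs from value confirmed out of band")
    return problems

def _sample_key(bits, seed):
    # Constructed blob: exponent 3 plus pseudo-random modulus bytes (not a real key)
    n = hashlib.shake_256(seed).digest(bits // 8)
    n = bytes([n[0] | 0x80]) + n[1:-1] + bytes([n[-1] | 1])
    return "0s" + base64.b64encode(b"\x01\x03" + n).decode()

SENT = _sample_key(2048, b"peer-a")
# The same key as it might arrive by e-mail, wrapped at 64 columns
RECEIVED = "\n".join(SENT[i:i + 64] for i in range(0, len(SENT), 64))
```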
PSK Authentication
For authentication through Preshared Keys (PSK), no additional configuration for the local IPSec key is required in this menu.
During the key exchange using IKE Main Mode, only IPv4 Addresses are supported as IPSec identifiers. The IPSec identifier in the IKE Main Mode is automatically encrypted with the PSK, and so PSK cannot be used for authentication. The IP addresses of IKE connections are automatically used as IPSec identifiers.
You generate the PSK Key in the IPSec VPN/Remote Keys menu. It will automatically be used as the Local PSK Key as well.
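The Main Mode restriction above follows from the order of operations in IKE (RFC 2409): the key that encrypts the identity payload is itself derived from the PSK, so the responder has to choose the PSK from the peer's IP address before it can read any identifier. The sketch below is an added example, not code from the manual or the product; HMAC-SHA1 and an XOR keystream stand in for the negotiated prf and cipher, and all addresses, nonces and keys are constructed.

```python
import hashlib, hmac

def prf(key, data):
    # HMAC-SHA1 stands in for the negotiated IKE prf
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_e(psk, ni, nr, gxy, cky_i, cky_r):
    """RFC 2409 key chain for pre-shared-key authentication."""
    skeyid = prf(psk, ni + nr)              # the PSK enters here, before any ID is seen
    tail = gxy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    return prf(skeyid, a + tail + b"\x02")  # key material protecting messages 5 and 6

def toy_cipher(key, data):
    # XOR keystream: a labelled stand-in for the negotiated cipher, not real crypto
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += prf(key, ctr.to_bytes(4, "big"))
        ctr += 1
    return bytes(x ^ y for x, y in zip(data, stream))

# Constructed exchange values (nonces, DH secret, cookies) and responder PSK table
NI, NR = b"N-initiator-0001", b"N-responder-0001"
GXY, CKY_I, CKY_R = b"\x42" * 32, b"I" * 8, b"R" * 8
PSK_BY_PEER_IP = {"198.51.100.7": b"psk-branch-a", "203.0.113.9": b"psk-branch-b"}

def initiator_msg5(psk, ident):
    """Encrypted identity payload as sent in Main Mode message 5."""
    return toy_cipher(skeyid_e(psk, NI, NR, GXY, CKY_I, CKY_R), b"ID:" + ident)

def responder_read_id(src_ip, msg5):
    """Decrypt the identity; the source IP is the only PSK selector available."""
    psk = PSK_BY_PEER_IP.get(src_ip)
    if psk is None:
        return None                         # unknown address: no key to try
    clear = toy_cipher(skeyid_e(psk, NI, NR, GXY, CKY_I, CKY_R), msg5)
    return clear[3:] if clear.startswith(b"ID:") else None
```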