D-Link DFL-260E User Manual for DFL-260E - Page 476
9.7. CA Server Access (Chapter 9. VPN)

Placement of Private CA Servers

The easiest solution for placement of a private CA server is to have it on the unprotected side of the NetDefend Firewall. This, however, is not recommended from a security viewpoint. It is better to place it on the inside (or preferably in the DMZ if available) and to have NetDefendOS control access to it.

As explained previously, the address of the private CA server must be resolvable through public DNS servers for certificate validation requests coming from the public Internet. If the certificate queries are coming only from the NetDefend Firewall and the CA server is on the internal side of the firewall, then the IP address of the internal DNS server must be configured in NetDefendOS so that these requests can be resolved.

Turning Off validation

As explained in the troubleshooting section below, identifying problems with CA server access can be done by turning off the requirement to validate certificates. Attempts to access CA servers by NetDefendOS can be disabled with the Disable CRLs option for certificate objects. This means that checking against the CA server's revocation list will be turned off and access to the server will not be attempted.
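A check for the DNS requirement described under Placement of Private CA Servers, added here as an example and not taken from the D-Link manual: it classifies each CA server URL (for instance a CRL location named in a certificate) as seen through a public and an internal resolver. The host names, addresses and DNS answers are constructed, and the function names are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Address ranges that peers on the public Internet cannot route to.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

def resolve_system(host):
    """Resolve with the local resolver; empty set if the name is unknown."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def check_crl_url(url, resolve=resolve_system):
    """Return 'public', 'internal', 'unresolvable' or 'no-host' for one URL."""
    host = urlsplit(url).hostname
    if not host:
        return "no-host"
    try:
        addrs = {ipaddress.ip_address(host)}          # IP literal: no DNS needed
    except ValueError:
        addrs = {ipaddress.ip_address(a) for a in resolve(host)}
    if not addrs:
        return "unresolvable"
    if any(a in net for a in addrs for net in INTERNAL_NETS):
        return "internal"
    return "public"

# Constructed sample data: what a public and an internal DNS server would answer.
PUBLIC_DNS = {"crl.example.com": {"203.0.113.10"}}
INTERNAL_DNS = {"crl.example.com": {"10.0.5.20"}, "ca.corp.example": {"10.0.5.20"}}
SAMPLE_URLS = ["http://crl.example.com/ca.crl",
               "http://ca.corp.example/ca.crl",
               "http://192.168.1.5/ca.crl"]

def audit(urls, public=PUBLIC_DNS, internal=INTERNAL_DNS):
    """Map each URL to (view from the Internet, view from the firewall)."""
    return {u: (check_crl_url(u, lambda h: public.get(h, set())),
                check_crl_url(u, lambda h: internal.get(h, set())))
            for u in urls}

if __name__ == "__main__":
    for url, views in audit(SAMPLE_URLS).items():
        print(url, views)
```

A URL whose first value is `unresolvable` or `internal` cannot be used by peers validating from the public Internet; one whose second value is `unresolvable` needs the internal DNS server configured on the firewall.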