Netgear SRX5308 SRX5308 Reference Manual - Page 245
Managing Digital Certificates, Table 7-6. Edit User Settings continued
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 245 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual Table 7-6. Edit User Settings (continued) Setting Idle Timeout Description (or Subfield and Description) The period after which an idle user is automatically logged out of the Web Management Interface. De default idle timeout period is 10 minutes. 4. Click Apply to save your settings. Managing Digital Certificates The VPN firewall uses digital certificates (also known as X509 certificates) during the Internet Key Exchange (IKE) authentication phase to authenticate connecting IPsec VPN gateways or clients, or to be authenticated by remote entities. The same digital certificates are extended for secure Web access connections over HTTPS (that is, SSL connections). Digital certificates either can be self-signed or can be issued by certification authorities (CAs) such as an internal Windows server or an external organizations such as Verisign or Thawte. However, if the digital certificate contains the extKeyUsage extension, the certificate must be used for one of the purposes defined by the extension. For example, if the digital certificate contains the extKeyUsage extension that is defined for SNMPV2, the same certificate cannot be used for secure Web management. The extKeyUsage would govern the certificate acceptance criteria on the VPN firewall when the same digital certificate is being used for secure Web management. On the VPN firewall, the uploaded digital certificate is checked for validity and purpose. The digital certificate is accepted when it passes the validity test and the purpose matches its use. The check for the purpose must correspond to its use for IPsec VPN, SSL VPN, or both. If the defined purpose is for IPsec VPN and SSL VPN, the digital certificate is uploaded to both the IPsec VPN certificate repository and the SSL VPN certificate repository. However, if the defined purpose is for IPsec VPN only, the certificate is uploaded only to the IPsec VPN certificate repository. The VPN firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be authenticated by remote entities. A digital certificate that authenticates a server, for example, is a file that contains the following elements: • A public encryption key to be used by clients for encrypting messages to the server. • Information identifying the operator of the server. • A digital signature confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party whose identity can be verified. Managing Users, Authentication, and Certificates v1.0, April 2010 7-17