NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
2-8
Installing the SSL312
v1.1, November 2006
d. If you plan a single arm topology, clear the Enable Routing Mode checkbox. If you plan a routing topology, check the Enable Routing Mode checkbox and enter your chosen Ethernet Port 2 IP Address and Subnet Mask.
e. Click Apply. If you changed the IP address for the Ethernet Port to which you are connected, you will now lose your connection to the SSL VPN Concentrator.
Installing the SSL VPN Concentrator
You are now ready to physically install your SSL VPN Concentrator using the following steps:
1. Turn off the power to the SSL VPN Concentrator and connect it to your network in your chosen topology.
   For a single arm topology, connect Ethernet Port 1 to your corporate network and leave Ethernet Port 2 disconnected.
   For a routing topology, connect Ethernet Port 1 to your public network and Ethernet Port 2 to your corporate network.
2. Turn on the power to the SSL VPN Concentrator.
3. From a PC on your corporate network, open a suitable browser and access the SSL VPN Concentrator web management interface by typing https://[IP_address], where IP_address is the address that you assigned to the SSL312 Ethernet Port that is connected to the corporate network.
4. Log in as admin using the new password that you assigned. You can now continue the configuration of your SSL VPN Concentrator.
Managing Certificates
Establishing an SSL connection requires that the SSL server, such as your SSL VPN Concentrator,
provide a digital SSL certificate to the user’s browser. A certificate is a file that contains:
A public encryption key to be used for encrypting your messages to the server.
Information identifying the operator of the server.
A digital signature confirming the identity of the operator of the server.
You can obtain a certificate from a well-known commercial Certificate Authority (CA) such as
Verisign or Thawte, or you can generate and sign your own certificate. Because a commercial CA
takes steps to verify the identity of an applicant, a certificate from a commercial CA provides a
strong assurance of the server’s identity. A self-signed certificate will trigger a warning from most
browsers as it provides no protection against identity theft of the server.
Your SSL VPN Concentrator contains a self-signed certificate from NETGEAR. NETGEAR
recommends that you replace this certificate prior to deploying the SSL VPN Concentrator in your
network.
From the Certificates menu, you can view the currently loaded certificates, upload a new
certificate and generate a Certificate Signing Request (CSR).
Obtaining a Certificate from a Certificate Authority
To obtain a certificate from a CA, you must generate a Certificate Signing Request (CSR) for your
SSL VPN Concentrator. The CSR is a file containing information about your company and about
the device that will hold the certificate. Refer to the CA for guidelines on the information you
include in your CSR.
To generate a new Certificate Signing Request (CSR) file:
1. Under the System Configuration menu in the left navigation pane, select Certificates. The Certificates screen displays.
2. In the Digital Certificate Management section, click New CSR/CRT. The Create CSR screen displays.
Figure 2-5
3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users.
4. Click Apply. A file download screen will display. Click Save to save the CSR.ZIP file to a disk location. You will need to provide this file to the Certificate Authority.
5. Contact the CA to purchase your certificate using the CSR file you generated.
6. When you receive your certificate from the CA, store the certificate file on your PC.
7. Upload and enable the certificate according to the instructions later in this chapter.
Generating a Self-Signed Certificate
As an alternative to obtaining a certificate from a CA, you can generate a self-signed certificate for
your SSL VPN Concentrator.
To generate a self-signed certificate file:
1. Under the System Configuration menu in the left navigation pane, select Certificates. The Certificates menu will display as shown in the previous section.
Figure 2-6
2. In the Digital Certificate Management section, click New CSR/CRT. The Create CSR screen will display.
3. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users.
4. Check the Generate a Self-signed Certificate checkbox to generate a new CRT.
5. Click Apply. If all information is entered correctly, a file download screen displays. Click Save to save the CRT.ZIP file to a disk location. This file includes a SERVER.CRT and a SERVER.KEY key file.
6. Upload and enable the certificate according to the instructions later in this chapter.
Uploading and Enabling the New Certificate
For uploading to the SSL VPN Concentrator, the certificate information must be in a zipped file containing a certificate file named SERVER.CRT and a certificate key file named SERVER.KEY. If the zipped file does not contain these two files, the zipped file will not be uploaded. Any file name will be accepted, but it must have the .ZIP extension.
To upload and enable the new certificate:
1. Under the System Configuration menu in the left navigation pane, select Certificates. The Certificates menu will display as shown in the previous section.
2. In the Import Digital Certificate table, select Browse to locate the zipped digital certificate file on your disk or network drive.
3. Click Upload to save the file to the Cert Description table. Once the certificate has been uploaded, the certificate is displayed in the Current Certificates table.
Note: Do not upload the CSR file to the SSL VPN Concentrator.
Note: Valid certificates generated by an authorized Certificate Authority (CA) require a password. Before you enable the certificate and restart the software, be sure to enter the correct certificate password on the Enable Certificate window.
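
A pre-upload check of the zip file against the rules stated in this section, given here as an added example that is not NETGEAR code. It assumes PEM-encoded files and case-insensitive member names, neither of which the manual specifies; check_bundle, pem_labels and make_zip are hypothetical names, and the sample PEM bodies are constructed placeholders.

```python
import io
import re
import zipfile

REQUIRED = {"SERVER.CRT", "SERVER.KEY"}  # member names the manual requires
PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_labels(data):
    """Return the PEM block labels in a file, e.g. ['CERTIFICATE']."""
    return [m.decode() for m in PEM_LABEL.findall(data)]

def check_bundle(filename, blob):
    """Return a list of problems; an empty list means the zip meets the stated rules."""
    problems = []
    if not filename.upper().endswith(".ZIP"):
        problems.append("file name must have the .ZIP extension")
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return problems + ["not a zip archive"]
    # Assumption: names are matched case-insensitively at the top level of the zip.
    members = {name.upper(): name for name in zf.namelist()}
    problems += [f"missing {m}" for m in sorted(REQUIRED - set(members))]
    if "SERVER.CRT" in members:
        labels = pem_labels(zf.read(members["SERVER.CRT"]))
        if any(label.endswith("CERTIFICATE REQUEST") for label in labels):
            problems.append("SERVER.CRT is a CSR, not a certificate")
        elif "CERTIFICATE" not in labels:
            problems.append("SERVER.CRT holds no PEM certificate")
    if "SERVER.KEY" in members:
        labels = pem_labels(zf.read(members["SERVER.KEY"]))
        if not any(label.endswith("PRIVATE KEY") for label in labels):
            problems.append("SERVER.KEY holds no PEM private key")
    return problems

def make_zip(files):
    """Build an in-memory zip from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed placeholder PEM bodies; only the BEGIN labels are inspected.
CERT = b"-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n"
CSR = b"-----BEGIN CERTIFICATE REQUEST-----\nconstructed\n-----END CERTIFICATE REQUEST-----\n"
KEY = b"-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(check_bundle("csr.zip", make_zip({"SERVER.CRT": CSR})))
```

The check inspects only file names and PEM labels; it does not confirm that SERVER.KEY is the key that matches SERVER.CRT.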
