This process is fairly straightforward. The first step is to create a valid certificate, import the certificate into the user browser(s) and then download the CA certificate. Next, this certificate will be uploaded into the SA SSL VPN. Then an authorization server will be created, along with a user realm that will use the authorization server. Finally, it will be necessary to add the new realm to a sign-in page(s).

This is a high-level overview and assumes familiarity with the certificate generation process and a degree of familiarity with the SA SSL VPN unit. This document is intended to assist in the creation of a test environment. For assistance with production installations, please contact the author.

This document does not cover the creation or implementation of a certificate server. For explanatory and test purposes, a certification server was set up on a Windows 2003 Domain Controller and was used to generate the browser and SA SSL VPN certificates. The author assumes that the individuals reading this document will either create a test CA server or will have access to a production instance of same.
The following screen will be displayed. Select the Submit > button.
The following screen will be displayed. Click Yes to continue. This will generate the user certificate for installation in the browser.
The following screen will be displayed. Click on Install this certificate to install into your local browser.
The following screen will be displayed. Click Yes to continue the installation of the certificate.
The following screen will be displayed upon completion of the install. Click the Home radio button to continue. To verify that the certificate was installed into the browser, select Internet Options/Content/Certificates from the Tools tab. The certificate should be shown under the Personal settings. (Based on IE7 settings.)
Generate a CA Certificate for installation into the SA SSL VPN unit

The following screen will be displayed. Select Download a CA Certificate.
The following screen will be displayed. The CA certificate name should match your Cert Server name. Select an Encoding Method of Base 64 and then select Download CA certificate.
The following screen will be displayed. Save the file to your local hard drive.
From this screen select the Browse button, navigate to the downloaded CA Certificate and select the Import Certificate button.
The following screen will be displayed. Select the Save Changes button to finish the import process.
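The certificate files from the steps above can also be checked from a command line, ideally before the import. This is an added example, not part of the original document: it assumes the `openssl` command-line tool is available and that the user certificate has been exported from the browser as a Base 64 file; the function names are hypothetical, and `make_samples` only builds throwaway certificates as constructed sample input.

```shell
#!/bin/sh
# Added example: pre-import checks on the downloaded CA certificate.
# Real use (ca.cer and user.cer are placeholder file names):
#   is_base64_cert ca.cer && is_ca_cert ca.cer && issued_by ca.cer user.cer

# True if FILE is a Base 64 (PEM) encoded X.509 certificate, not binary DER.
is_base64_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -inform PEM -noout >/dev/null 2>&1
}

# True if the certificate's Basic Constraints extension marks it as a CA.
# A user certificate uploaded by mistake fails this check.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# True if USER_CERT verifies against CA_CERT. Usage: issued_by CA_CERT USER_CERT
issued_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample input: a throwaway CA (PEM and DER copies) and one user
# certificate signed by it, written into directory $1. Illustration only.
make_samples() {
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=x\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' \
        > "$1/sample.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/sample.cnf" \
        -extensions v3_ca -subj '/CN=Constructed Test CA' \
        -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/sample.cnf" \
        -subj '/CN=testuser' \
        -keyout "$1/user.key" -out "$1/user.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/user.pem" >/dev/null 2>&1 &&
    openssl x509 -in "$1/ca.pem" -outform DER -out "$1/ca.der"
}
```

If `is_base64_cert` fails on the downloaded file, the certificate was most likely saved with DER encoding instead of the Base 64 option selected above.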
Authentication Server Setup Page (Authentication / Auth. Servers)

This page is used to define the Authentication Server that will be used by the user-defined realm for login purposes. For basic certificate authentication, use the default value for User Name Template.

Basic Certification Realm Setup (Users / User Realms)

This page is used to tie the authentication server set up above to the realm that will use certificates for authentication. Note that Directory/Attribute is left set to None. This is recommended until basic login functionality has been validated. Once that takes place, set this to LDAP or another appropriate value.

Basic Role Map setup for Certification Login

Until sign-in via certification server is validated, it is recommended that the role mapping be left generic as follows: