Access Manager components and agents can access the keystore to retrieve certificates, keys, and trusted roots as needed.
Before you proceed with this section, make sure you have already created a certificate. For more information on creating certificates, see Section V, Security and Certificate Management.
In the Administration Console, select > > .
Select from the section. The Certificates for SSL VPN page is displayed.
Click . The Keystore: SSL VPN Secure Tunnel page is displayed.
Certificates in the SSL VPN STunnel are used by SSL VPN services for encryption. This page contains the following information:
Keystore name: Specifies the name of the keystore to which the certificate belongs.
Keystore type: Specifies the type of keystore. It can be Java, PEM, or PKCS12.
Device: Specifies the IP address of the SSL VPN device.
NOTE: Every imported SSL VPN device has a default certificate.
To replace the default certificate, click . The Replace dialog box is displayed.
Fill in the following fields:
Certificates: Click the icon to browse and select the certificate that you want to associate with SSL VPN.
Alias(es): You can provide an alternate name for the certificate you are importing.
Click to save changes.
To save your modifications, click then click on the Configuration page.
A trust store contains certificates from a certificate authority (CA). These certificates are self-signed and are recognized as representing a trusted CA. When you create a trust store, you can assign it to devices and add trusted root certificates to it.
NOTE: Trusted roots need not be configured for SSL VPN.