Use the certificate common object to configure the certificates for the Screen and for remote hosts that will communicate securely through the Screen.
Changes to the certificate object that pertain to loading into SKIP take effect immediately without having to be saved. You cannot use the Cancel Changes button to undo the changes you made. Changes to the certificate object as stored in the common objects do not take effect immediately; they must be saved, and they take effect only when the policy in which they are used is activated. For example, when you add a new certificate, the certificate is created and loaded immediately into SKIP, but the name has not been saved as part of the common objects and must be saved. Renaming a certificate only affects the common objects and must be saved.
Generate screen certificate generates a certificate for the Screen. FIGURE 5-20 shows the Certificate dialog box.
TABLE 5-20 describes the controls for the Certificate dialog box for generate Screen certificate.
Table 5-20 Controls for the Certificate Dialog Box for Generate Screen Certificate
Control | Description |
---|---|
Name | Specifies a name for the certificate. |
Description | (Optional) Provides a brief description about the certificate object. |
Screen | Specifies the Screen that recognizes the certificate object. The default is All. |
Installed On | (Optional) Specifies the Screen on which the certificate is generated. |
Radio buttons | Specifies the strength of encryption that the Screen uses. |
Generate New Certificate | Generates the certificate. The Certificate ID field displays the certificate's certificate ID. |
OK Button | Stores the new or changed information and makes the Save Changes command button active. |
Cancel Button | Cancels any new or changed information. |
Help Button | Calls up the page of online help for this common object. |
Associate MKID, also called the certificate ID, assigns a name to a certificate that exists on another machine. Associate a certificate ID for encrypted communication between two screens or between a screen and an Administration Station. FIGURE 5-21 shows the Certificate dialog box for Associate MKID.
TABLE 5-21 describes the controls for the Certificate dialog box for associate MKID.
Table 5-21 Controls for Associate MKID Certificate Dialog Box
Control | Description |
---|---|
Name | Specifies the name for the certificate ID object. |
Description | (Optional) Provides a brief description about the MKID or certificate ID object. |
Screen | Specifies which Screen recognizes the certificate ID object. The default is All. Specifying a Screen allows you to define packet-filtering rules that encrypt traffic between any two machines, not just between an Administration Station and a Screen. Specify the Screen only if you are using Centralized Management. A common object or policy rule applies to all Screens unless you choose a specific Screen. |
Installed On | (Optional) Used only if you later remove this certificate object from the common objects. At that time, the SKIP identity that is installed on the Screen will be removed from the parameter. |
Certificate ID | Specifies the certificate ID (hash value) for the certificate that you generated on the other system. |
Radio Buttons | Specifies the strength of encryption that the Screen uses. |
Generate New Certificate | Generates the certificate. The Certificate ID field displays the certificate's certificate ID. |
OK Button | Stores the new or changed information and makes the Save Changes command button active. |
Cancel Button | Cancels any new or changed information. |
Help Button | Calls up the page of online help for this common object. |