[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Secure Remote w/ PKI
SR works well with other PKIs. Verisign has an OnSite managed PKI offering that works with FW-1. Also, Microsoft certificate services work well for both firewall and SR certificates. Basically as long as the PKI can generate and export PFX standard certificates, SR can import them. Things to watch out for: 1) CN (common name) - Must be the username as listed in FW-1 user database 2) CRL - Make sure that the CRL location is accessible by the firewalls with certificates (HTTP or LDAP are normal methods) 3) Educate users on strong passwords for the certificates. Regular password policies don't apply to client certificates, which can dramatically reduce the effectiveness of certificates as an authentication mechanism. HTH, --- Gavin -----Original Message----- From: TAM,MATTHEW-SK (HP-HongKong,ex1) [mailto:[email protected]] Sent: Wednesday, January 17, 2001 22:17 To: '[email protected]' Subject: [FW1] Secure Remote w/ PKI Hi all, Have anyone have any experience with Secure Remote and PKI? From the doc, it seems Secure Remote only natively support Entrust Certificates. Or can it import any X.509 certificate like the VPN-1 gateways? Any links can be referenced for this issue? Thanks! Regards, Matthew Tam HP Consulting Hewlett-Packard (Hong Kong) Limited mailto: [email protected] Tel: (852) 2599-7403 fax: (852) 2506-3592 ======================================================================== ======== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ======================================================================== ======== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|