Certificate-Based Authentication

Novell® BorderManager® 3.8 Virtual Private Network (VPN) services are significantly different from the VPN services of all earlier versions of the software. The VPN services are enabled for iManager 2.0.1. For details, see Installing iManager 2.0.1 Snap-Ins. VPN services provide extensive facilities to set up and configure site-to-site and client-to-site services. This section discusses how to get the certificates needed to set up the VPN services.

Certificates, trusted root objects, and trusted root containers are needed to log in to VPN services and configure client-to-site and site-to-site services. Some of these entities can be automatically created and are available by default. See Automated Creation of eDirectory Certificates or Objects to understand which items you do not need to create.

NOTE: Although an administrator can create certificates for any user using ConsoleOne® or the iManager snap-ins, only the user can export those certificates into a file. However, an administrator can export a user certificate using the PKI Certificate Console. If administrators need to export the certificates, they must inform the user before exporting them.

The following list explains the entities required to configure the site-to-site and client-to-site services:

Also see the Novell Certificate Server documents for more details.

IMPORTANT: We recommend using iManager on a different server from the one on which the site-to-site VPN services are running.