15.0 Certificate-Based Authentication

Novell BorderManager 3.9 VPN services are significantly different from the VPN services of all earlier versions of the software. The VPN services are enabled for iManager 2.6. VPN services provide extensive facilities to set up and configure site-to-site and client-to-site services. This section discusses how to get the certificates to set up the VPN services.

Certificates, trusted root objects, and trusted root containers are needed to log in to VPN services and configure client-to-site and site-to-site services. Some of these entities can be automatically created and are available by default. See Section 15.1, Automated Creation of eDirectory Certificates or Objects, to understand which items you do not need to create.

NOTE: Although an administrator can create certificates for any user using the ConsoleOne® or iManager snap-ins, only the user can export those certificates into a file. However, an administrator can export a user certificate using the PKI Certificate Console. If administrators need to export the certificates, they must inform the user before exporting them.

The following list explains the entities required to configure the site-to-site and client-to-site services:

Also see the Novell Certificate Server documents for more details.

IMPORTANT: It is recommended that you use iManager on a server other than the one on which the site-to-site VPN services are running.