You need to have a pre-shared key/password/pass phrase or an X.509 certificate before trying to configure a Roadwarrior or Net-to-Net VPN connection. These are methods of authentication, which identify the user trying to access the VPN. They will be required in the VPN configuration stage.
Create and manage X.509 Certificates on this web page.
To create the IPCop's Root and Host certificates, click on the button.
This opens another screen, shown below, where you need to enter details for the certificates. The fields Organization Name, IPCop's Hostname and Country are mandatory (where IPCop's Hostname is usually already populated with the hostname or IP address of the Red Interface).
Once you have entered all the information, click the button again to generate both X.509 root and host certificates.
Organization Name. The organization name you want used in the certificate. For example, if your VPN is tying together schools in a school district, you may want to use something like Some School District.
IPCop's Hostname. This should be the fully qualified domain name of your IPCop's WAN connection. If you have a fixed IP then you can also enter this here. If you are using a dynamic DNS service, use it.
Your E-mail Address - optional. Your E-mail address, so that folks can get hold of you.
The next three fields: department, city, and state or province are optional. You can leave them out if you wish.
Your Department - optional. This is the department or suborganization name. Continuing the school district example, this could be My Elementary School.
City - optional. The city or mailing address for your machine.
State or Province - optional. The state or province associated with the mailing address.
Country. This pull down selection menu contains every ISO recognized country name. Use it to select the country associated with the certificate.
Subject Alt Name - optional. The subject alternative name extension allows additional identities to be bound to the subject of the certificate. Defined options include an Internet electronic mail address, a DNS name, an IP address, and a uniform resource identifier (URI).
The SubjectAltName extension is defined in RFC 3280, section 4.2.1.7.
After completing the form, click on the button to generate the certificates.
If desired, you can generate several root and host certificates on a single IPCop, and then export them to PKCS12 format files, encrypted with a password. You can then email them as attachments to your other sites.
Using the section of this web page, you can upload and decrypt the certificates on a local IPCop machine.
To upload a CA from a remote machine, give it a name in the CA Name field, which can be anything, but make it something meaningful. If the remote IPCop is CompanyGateway then just name the CA Company, and the connection CompanyNet (for a Net-to-Net connection).
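Because PKCS12 files may travel by e-mail, it is worth checking what a file contains before uploading it. The following shell script is an added example, not part of the IPCop documentation or its code: it assumes the OpenSSL command line (1.1.1 or later), builds a constructed root and host certificate using the form fields described above, exports them to a password-protected PKCS12 file, and then reads back the subject, Subject Alt Name, expiry date and CA fingerprint. All names, addresses, file names and the password are constructed sample values.

```shell
#!/bin/sh
# Added example; every name, address and password here is a constructed sample value.
set -eu

# Build a sample root CA + host certificate and export them as PKCS12.
make_sample_p12() {  # $1 = work dir, $2 = export password
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/C=US/O=Some School District/CN=Some School District CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/C=US/O=Some School District/OU=My Elementary School/CN=vpn.example.org" \
    -keyout "$1/host.key" -out "$1/host.csr" 2>/dev/null
  # Subject Alt Name: one DNS name and one IP address (documentation ranges)
  printf 'subjectAltName=DNS:vpn.example.org,IP:192.0.2.10\n' > "$1/san.ext"
  openssl x509 -req -in "$1/host.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/san.ext" -out "$1/host.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/host.key" -in "$1/host.pem" \
    -certfile "$1/ca.pem" -passout "pass:$2" -out "$1/host.p12"
}

# Inspect a received PKCS12 file without extracting the private key.
# Returns non-zero on a wrong password or if the host cert does not chain to the CA.
# The last line printed is the CA fingerprint, to be compared with the sender's
# value over a separate channel.
inspect_p12() {  # $1 = .p12 file, $2 = password, $3 = scratch dir
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
    -out "$3/got_host.pem" 2>/dev/null &&
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -cacerts \
    -out "$3/got_ca.pem" 2>/dev/null &&
  openssl verify -CAfile "$3/got_ca.pem" "$3/got_host.pem" >/dev/null &&
  openssl x509 -in "$3/got_host.pem" -noout -subject -enddate -ext subjectAltName &&
  openssl x509 -in "$3/got_ca.pem" -noout -fingerprint -sha256
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_p12 "$work" 'constructed-pass'
inspect_p12 "$work/host.p12" 'constructed-pass' "$work"
```

On a real system, pass the password with OpenSSL's `file:` or `env:` source instead of `pass:` so it does not appear in the process list.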
To view, download or delete a Certificate, click on the appropriate icon in the Action column.
Press the button to remove the root CA, the host certificate and all certificate based connections.