SR works well with other PKIs. Verisign has an OnSite managed PKI
offering that works with FW-1. Also, Microsoft certificate services work
well for both firewall and SR certificates. Basically, as long as the PKI
can generate and export PFX standard certificates, SR can import them.
Things to watch out for:
1) CN (common name) - Must be the username as listed in the FW-1 user
database
2) CRL - Make sure that the CRL location is accessible by the firewalls
with certificates (HTTP or LDAP are normal methods)
3) Educate users on strong passwords for the certificates. Regular
password policies don't apply to client certificates, which can
dramatically reduce the effectiveness of certificates as an
authentication mechanism.
HTH,
--- Gavin
-----Original Message-----
From: TAM,MATTHEW-SK (HP-HongKong,ex1) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 17, 2001 22:17
To: '[EMAIL PROTECTED]'
Subject: [FW1] Secure Remote w/ PKI
Hi all,
Does anyone have any experience with Secure Remote and PKI? From the doc,
it seems Secure Remote only natively supports Entrust Certificates. Or can
it import any X.509 certificate like the VPN-1 gateways? Any links that can
be referenced for this issue?
Thanks!
Regards,
Matthew Tam
HP Consulting
Hewlett-Packard (Hong Kong) Limited
mailto: [EMAIL PROTECTED]
Tel: (852) 2599-7403
fax: (852) 2506-3592
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================