8e6 Technologies Enterprise Filter Authentication R3000 User Manual

Size:
6.79 Mb
Download

APPENDIX E OBTAIN OREXPORT ANSSL CERTIFICATE

Fig. E-6Certificatessnap-indialog box

6.Choose “Computer account”, and click Next to go to the Select Computer wizard page:

Fig. E-7Select Computer dialog box

7.Choose “Local computer: (the computer this console is running on)”, and click Finish to close the wizard dialog box.

8.Click Close to close the Add StandaloneSnap-indialog box. ClickOK to close the Add/RemoveSnap-indialog box.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

229

APPENDIX E OBTAIN OREXPORT ANSSL CERTIFICATE

Notice that the snap-inhas now been added to the

Console Root folder:

Fig. E-8Console Root withsnap-in

Export the master certificate for the domain

1.Go to the right panel of the Console and select the master certificate for the domain that you just added.

2.Right-clickthe certificate to open thepop-upmenu, and select All Tasks > Export:

Fig. E-9Select the certificate to be exported

230

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

APPENDIX E OBTAIN OREXPORT ANSSL CERTIFICATE

This action launches the Certificate Export Wizard:

Fig. E-10Certificate Export Wizard

3.Click Next to go to the Export Private Key page of the wizard:

Fig. E-11Export Private Key

4.Select “No, do not export the private key”, and click Next to go to the Export File Format page of the wizard:

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

231

APPENDIX E OBTAIN OREXPORT ANSSL CERTIFICATE

Fig. E-12Export File Format

5.Select “Base-64encoded X.509 (.CER)” and clickNext to go to the File to Export page of the wizard:

Fig. E-13File to Export

6.Enter the File name of the file to be exported, followed by the.cer extension. ClickNext to go to the final page of the wizard:

232

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

APPENDIX E OBTAIN OREXPORT ANSSL CERTIFICATE

Fig. E-14Settings

7.Notice that the specified settings display in the list box, indicating the certificate has been successfully copied from the console to your disk. Click Finish to close the wizard dialog box.

8.Close the Console.

The certificate can now be uploaded to the R3000.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

233

APPENDIX E OBTAIN OREXPORT ANSSL CERTIFICATE

Export a Novell SSL Certficate

1.From the console of the LDAP server, go to the tree in the left panel and open the Security folder to display the contents in the Console View (right panel):

Fig. E-15Novell Console window

2.Find the tree’s folder and right-clickit to open thepop-upmenu. Select Properties to open the Properties dialog box:

Fig. E-16Properties dialog box

234

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

APPENDIX E OBTAIN OREXPORT ANSSL CERTIFICATE

3.Click the Certificates tab to go to the Self Signed Certificate page.

4.Click Export to open the Export A Certificatepop-upwindow:

Fig. E-17Export A Certificatepop-upwindow

5.Select “File in binary DER format” for the Output format. The path of the certificate displays in the Filename field.

6.Click Export to open anotherpop-upwindow that asks where you would like to save thecertificate—themost convenient place would be your desktop.

The certificate can now be uploaded to the R3000.

Obtain a Sun ONE SSL Certificate

Unlike Microsoft or Novell, the Sun ONE LDAP directory does not have a tool for exporting an SSL certificate once it has been imported to the LDAP server.

Therefore, a copy of the root certificate—inthe .cer or .derformat—thatwas used to sign the LDAP server’s certificate must be uploaded to the R3000. This certificate can be an internally generated root certificate (if you have a certificate authority to generate the certificate), or can be the root certificate used by the external signing authority.

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

235

APPENDIX F OVERRIDEPOP-UPBLOCKERS

APPENDIXF

Override Pop-upBlockers

An override account user with pop-upblocking software installed on his/her workstation will need to temporarily disablepop-upblocking in order to authenticate him/herself via the Options page:

Fig. F-1Options page

This appendix provides instructions on how to use an override account if typical pop-upblocking software is installed, as in the following products: Yahoo! Toolbar, Google Toolbar, AdwareSafe, Mozilla Firefox, and Windows XP Service Pack 2 (SP2).

236

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

APPENDIX F OVERRIDEPOP-UPBLOCKERS

Yahoo! Toolbar Pop-upBlocker

If pop-upblocking is enabled

1.In the Options page (see Fig. F-1),enter yourUsername andPassword.

2.Press and hold the Ctrl key on your keyboard while simultaneously clicking theOverride button—thisaction opens the override accountpop-upwindow.

Add override account to the white list

If the override account window was previously blocked by the Yahoo! Toolbar, it can moved from the black list and added to the white list so that it will always be allowed to pass. To do this:

1.Go to the Yahoo! Toolbar and click the pop-upicon to open thepop-upmenu:

Fig. F-2Select menu option Always AllowPop-UpsFrom

2.Choose Always Allow Pop-UpsFrom to open the Yahoo!Pop-UpBlocker dialog box:

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE

237

APPENDIX F OVERRIDEPOP-UPBLOCKERS

Fig. F-3Allowpop-upsfrom source

3.Select the source from the Sources of Recently Blocked Pop-Upslist box to activate the Allow button.

4.Click Allow to move the selected source to the Always AllowPop-UpsFrom These Sources list box.

5.Click Close to save your changes and to close the dialog box.

238

8E6 TECHNOLOGIES, R3000 ENTERPRISEFILTERAUTHENTICATIONUSERGUIDE