Avaya 3.7 User Manual

4. From the Maintain Certificates list select the certificate that you want the VPNmanager 

Console to use.

5. The default VSU certificate is identified by an asterisk in the MGR column. Although a 

specific certificate may have other targets, as assigned through the IKE Certificate Usage 
tab (See 

), the VPNmanager Console can still use it.

6. Click Use as Manager Certificate to make the VPNmanager Console a target of the 

certificate.

Targets use an Issuer Certificate to authenticate a Signed Certificate. VSU targets can 
dynamically store up to eight Issuer Certificates. Storage on VPNremote Client targets is only 
limited by the amount of physical memory of the computer. Issuer Certificates must be installed 
on targets before they are needed to authenticate a Signed Certificate. This section explains 
how to retrieve and install Issuer Certificates for VSU targets. For information about installing 
Issuer Certificates on VPNremote clients, see the VPNremote Administrator’s Guide.

The Signed Certificates stored in VSUs are X.509 public-key certificates. They’re used for 
distributing a public-key of the VSU to targets (other VSUs, VPNremote Clients, and IKE 
compatible clients). Every Signed Certificate identifies which Public Key Infrastructure (PKI) 
System has signed it. However, targets must use a method to authenticate every Signed 
Certificate they receive.

An Issuer Certificate may be called a “Signing Certificate” or “Certification Authority (CA) 
Certificate.”Targets use an Issuer Certificate to authenticate a Signed Certificate. Therefore, the 
Issuer Certificate must be from the same PKI System, as the Signed Certificate was signed by 
the issuer’s private key. 

 illustrates how Issuer Certificates fit in the scheme of signed 

certificate exchange.