Netgear 05200007 User Manual

Using the Certificate Manager

6-29

•

On  the  Configuration Parameters dialog box, the Trust this certificate for IP security 
check box is selected.

•

When you view or verify the certificates, for Enh KeyUsage, the option IP security end 
system appears. 

•

Root CAs that have issued a personal certificate to any of the computer's users

•

All root CAs installed on your computer (the local machine)

The trust policy also applies to personal certificates issued by a CA in the trust hierarchy for 
remote parties that your security policy allows you to communicate with. 

The trust policy for certificates specifies which root CA certificates the client considers valid for 
IPSec communications. When you set the trust policy on the Trust Policy tab in the Certificate 
Manager, the trust policy selected on the Root CA Certificates and Root CA Certificates tabs 
changes to reflect the Trust Policy tab setting. 

1.

In the Certificate Manager, click the Trust Policy tab.

2.

In the Specify which root certificate authorities (CAs) to trust group, select the trust policy: 

•

To trust only those root CA certificates configured to be trusted for IPSec sessions, click 
Trust specific root CAs. 

•

To trust only root CA certificates that issued a personal certificate to any of the computer's 
users, click Trust CAs that have issued a local personal certificate.

•

To trust all the root CAs installed on your computer, click Trust all root CAs installed on 
this computer

Caution: Depending on the operating system and Internet Explorer version installed on 
your computer, there may be at least 100 root CA certificates on your computer. Before 
you select this option, carefully consider the security ramifications. 

The trust policy you select takes effect immediately.

Typically, you select the trust policy for the client on the Certificate Manager's Trust Policy tab. 
The Root CA Certificates tab displays the trusted root CA certificates.