Netgear UTM25 – ProSECURE Unified Threat Management (UTM) Appliance User Manual

VPN Client Software Setup and Network Deployment 
NETGEAR ProSAFE VPN Client 
The vpnsetup.ini file must be located in the same folder as the VPN Client setup.exe 
file. The vpnsetup.ini file consists of several sections, tags, and values. One of the 
sections is the PKI Options section, in which you can define how the VPN Client selects and 
uses certificates from smart card readers and token readers.
The following is an example of the PKI Options section in the vpnsetup.ini file:
[PKIOptions] 
PkiCheck=01 
SmartCardRoaming=01 
NoCACertReq=01 
KeyUsage=01 
PKCS11Only=01
In this example, the VPN Client is configured to do the following:
• Validate the root certificate authority when it receives a certificate from the VPN gateway (PkiCheck=01)
• Use any certificate from the card reader that is configured in the VPN configuration (SmartCardRoaming=01)
• Use a certificate from a certificate authority that is different from the VPN gateway (NoCACertReq=01)
• Use only an authentication certificate for which the digitalSignature key extension is configured (KeyUsage=01)
• Use only PKCS #11 middleware to access tokens or smart cards (PKCS11Only=01)
The following table describes the PKI options parameters that let you define rules for 
certificate handling in the vpnsetup.ini file.
Table 8. PKI options parameters for the vpnsetup.ini file in alphabetical order

Option: KeyUsage
Description: This option lets you specify a particular certificate among multiple ones. For example, this is useful when several certificates with the same subject are stored on a smart card or token.
Settings:
• Not configured. The VPN Client can select any certificate.
• 01. The VPN Client uses only an authentication certificate for which the digitalSignature key extension is configured.

Option: NoCACertReq
Description: This option lets you specify that the VPN Client and VPN gateway can use certificates from different certificate authorities.
Settings:
• Not configured. The VPN Client and VPN gateway must use certificates from the same certificate authority.
• 01. The VPN Client and the VPN gateway can use certificates from different certificate authorities.
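
The following pre-deployment check is an added example, not part of the NETGEAR manual or the VPN Client software. It reads the [PKIOptions] section of a vpnsetup.ini file and reports each certificate-handling rule using only the meanings given above. The function name audit_pki_options, the exact-case key matching, and the sample file contents are assumptions made for illustration.

```python
import configparser

# Meaning of the value 01 for each [PKIOptions] key, as stated on this page.
ENABLED = {
    "PkiCheck": "validates the root CA of the gateway certificate",
    "SmartCardRoaming": "uses any certificate from the configured card reader",
    "NoCACertReq": "client and gateway can use certificates from different CAs",
    "KeyUsage": "uses only a certificate with the digitalSignature key extension",
    "PKCS11Only": "uses only PKCS #11 middleware for tokens and smart cards",
}
# "Not configured" behaviour, only for the options whose table rows are on this page.
UNSET = {
    "KeyUsage": "can select any certificate",
    "NoCACertReq": "client and gateway must use the same CA",
}

def audit_pki_options(ini_text):
    """Return (findings, warnings) for the [PKIOptions] section of vpnsetup.ini text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case; exact-case matching is an assumption
    parser.read_string(ini_text)
    if not parser.has_section("PKIOptions"):
        return {}, ["no [PKIOptions] section: every option is not configured"]
    section = dict(parser["PKIOptions"])
    findings, warnings = {}, []
    for key, meaning in ENABLED.items():
        value = section.pop(key, None)
        if value is None:
            findings[key] = "not configured: " + UNSET.get(key, "behaviour not described here")
        elif value.strip() == "01":
            findings[key] = "01: " + meaning
        else:
            findings[key] = "undocumented value"
            warnings.append(f"{key}={value!r} is not a documented setting (expected 01)")
    for key in section:  # leftovers: typos, wrong case, or options not covered here
        warnings.append(f"unrecognized key {key!r} in [PKIOptions]")
    return findings, warnings

# Constructed sample: PkiCheck is missing, KeyUsage has a stray value, one key is mis-cased.
SAMPLE = """[PKIOptions]
SmartCardRoaming=01
NoCACertReq=01
KeyUsage=0
pkcs11only=01
"""

if __name__ == "__main__":
    findings, warnings = audit_pki_options(SAMPLE)
    print(findings, *warnings, sep="\n")
```

Running the check on a file before it is packaged with setup.exe shows whether root CA validation (PkiCheck) is actually set and whether NoCACertReq has relaxed the same-CA requirement.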