Contents
1 Requirement Analysis
2 Solution
2.1 Authentication Based on Username/Password
2.2 Authentication Based on Username/Password + USB-Key
2.3 Authentication Based on Username/Password + Software Certificate
3 Achievement
1 Requirement Analysis
2 Solution
2.1 Authentication Based on Username/Password
Key authentication)
Configure it according to the normal SSLVPN configuration, so that no
configuration mistake affects access to the SSLVPN.
(2) Access from the client: log in with the username/password, then download
and install the SSLVPN client software.
Firstly, open https://x.x.x.x:4433 (x.x.x.x is the IP address of the firewall's
internet egress interface) and enter the username and password to download the
client software.
Thirdly, use the username and password to log in, and verify that the normal
username/password configuration is correct.
The above two steps verify that the SSLVPN works and that the client was
installed successfully.
respectively).
1) Follow the above steps to finish the basic SSLVPN configuration and log in
successfully before enabling the certificate authentication method; otherwise
it will be hard to determine the root cause when errors happen.
2) In the firewall WebUI, open the System page; under PKI trust domain, create a
new trust domain and import the CA root certificate.
Notice: the certificate imported here is the CA root certificate; its purpose is
to let the firewall authenticate the USB-Key.
3) Edit the SSLVPN configuration again and select authentication based on
certificate.
4) Install the USB-Key driver on the SSLVPN client
Insert the Hillstone UKey into the PC and install the driver. Then find the
USB-Key token management tool (USB-Key Manager) among the Windows programs,
open it, and log in with the default PIN: 1234.
The certificate imported must be the one issued by the CA server; a personal
certificate protection password needs to be set when exporting it from the server.
5) Log in to the SSLVPN client and change the mode to authentication based on
username/password + digital certificate
2.3 Authentication Based on Username/Password + Software Certificate
In this chapter we still use the same authentication method, but without the
USB-Key hardware verification: the certificate is imported into the Windows
system instead, which is called the software authentication method.
(1) Take Chapter 2.1 as the reference for the basic configuration of SSLVPN.
(2) Take the first, second and third steps of Chapter 2.2 as reference: create
a trust domain on the device, import the CA root certificate, and enable the
certificate authentication method in the SSLVPN configuration.
(3) Find the client certificate and double-click it to install it, or install
the electronic certificate in the IE browser and Chrome browser.
The personal certificate protection password was set by the Certification
Authority; if the certificate is taken from the Windows CA certificate server,
the protection password needs to be entered when exporting the personal
certificate.
The certificate is installed successfully.
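A pre-flight check for the certificate setups in chapters 2.2 and 2.3, added here as an example and not part of the original guide: before loading a personal certificate onto the USB-Key or into Windows, confirm that it chains to the CA root imported into the firewall trust domain and that it permits client authentication. It assumes OpenSSL on an admin workstation and PEM-encoded certificates; the function names, file names and the sample PKI are constructed for illustration.

```shell
#!/bin/sh
# check_vpn_cert CA_ROOT.pem CERT.pem   (hypothetical helper, not a Hillstone tool)
# Prints one status word; returns 0 only for "ok".
check_vpn_cert() {
    ca=$1 cert=$2
    # 1. Validity: -checkend 0 fails once notAfter has passed.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo expired; return 1; }
    # 2. Chain: the certificate must verify against the CA root file
    #    that was imported into the firewall's trust domain.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo untrusted; return 2; }
    # 3. Purpose: the certificate must be usable for TLS client authentication.
    openssl verify -purpose sslclient -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo not-client-auth; return 3; }
    echo ok
}

# --- Constructed sample PKI (throwaway keys in a temp directory) ---
make_ca() {    # make_ca DIR NAME
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/cfg" -extensions v3_ca \
        -subj "/CN=Constructed CA $2" -days 30 \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
make_leaf() {  # make_leaf DIR CA NAME EXT_SECTION
    openssl req -new -newkey rsa:2048 -nodes -config "$1/cfg" -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -extfile "$1/cfg" -extensions "$4" \
        -out "$1/$3.pem" 2>/dev/null
}
demo=$(mktemp -d)
cat > "$demo/cfg" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_client]
extendedKeyUsage = clientAuth
[v3_server]
extendedKeyUsage = serverAuth
EOF
make_ca "$demo" vpn-ca                      # stands in for the imported CA root
make_ca "$demo" other-ca                    # an unrelated CA
make_leaf "$demo" vpn-ca user1 v3_client    # proper VPN user certificate
make_leaf "$demo" vpn-ca web1  v3_server    # same CA, server-only EKU
for c in user1 web1; do echo "$c vs vpn-ca: $(check_vpn_cert "$demo/vpn-ca.pem" "$demo/$c.pem")"; done
echo "user1 vs other-ca: $(check_vpn_cert "$demo/other-ca.pem" "$demo/user1.pem")"
```

Running the check against the exact CA root file exported for the trust domain separates a wrong-issuer problem from a username/password or client-mode problem when a certificate login fails.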
3 Achievement
Certificate.rar