4.1.3.1. Procedure – Encrypting the communication between PNS and the authentication agent (Windows)

Purpose: 

To enable encryption between PNS and the authentication agent, complete the following steps. For the steps to be completed from MC, see Chapter 11, Key and certificate management in PNS in Proxedo Network Security Suite 1.0 Administrator Guide.

Steps: 

  1. Create a CA (for example, AA_CA) using the Management Console (MC). This CA will be used to sign the certificates shown by the PNS firewalls to the authentication agents.

  2. Export the CA certificate into DER format.

  3. Generate certificate request(s) for the PNS firewall(s) and sign them with the CA created in Step 1.

    Note

    Every firewall should have its own certificate. Do not forget to set the firewall as the Owner host of the certificate.

  4. Distribute the certificates to the firewalls.

  5. Install the Authentication Agent (AA) application on the workstations and import the CA certificate exported in Step 2 to each machine.

    There are three ways to import the CA certificate:

    1. Using the installer of the Authentication Agent.

    2. Manually using the addcert and getcert programs (see Procedure 4.1.3.2, Importing the CA certificate manually).

    3. Using the Microsoft Management Console (see Procedure 4.1.3.3, Importing the CA certificate using Microsoft Management Console (MMC)).

  6. Create the appropriate outband authentication policies in MC and reference them in the services of PNS. See Chapter 15, Connection authentication and authorization in Proxedo Network Security Suite 1.0 Administrator Guide for details.
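
A pre-distribution check for Steps 2 to 4, as an added example that is not part of the PNS documentation or tooling: it confirms that the exported file is a CA certificate, that each firewall certificate chains to it, and that no two firewalls share a certificate. The file names and the assumption that the firewall certificates are available as files on the Windows machine are hypothetical; revocation checking is disabled because the page does not describe a CRL.

```powershell
# Added example, not PNS code. File names are constructed placeholders.
param(
    [string]$CaPath = '.\AA_CA.cer',                            # CA certificate exported in Step 2 (DER)
    [string[]]$FirewallCertPaths = @('.\fw1.cer', '.\fw2.cer')  # certificates signed in Step 3
)
$ErrorActionPreference = 'Stop'

function Import-CertFile([string]$Path) {
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path $Path).Path
}

$ca = Import-CertFile $CaPath
$bc = $ca.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) {
    throw "$CaPath is not marked as a CA certificate (basic constraints)."
}

# For a DER file the file hash equals the certificate's SHA-256 fingerprint.
# Compare this value out of band before importing the file on workstations.
"CA subject : $($ca.Subject)"
"CA SHA-256 : $((Get-FileHash -Algorithm SHA256 -Path $CaPath).Hash)"

$results = foreach ($path in $FirewallCertPaths) {
    $cert  = Import-CertFile $path
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$chain.ChainPolicy.ExtraStore.Add($ca)   # offer the CA without installing it
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    $built   = $chain.Build($cert)                 # still fails on expiry or a bad signature
    $issuers = @($chain.ChainElements | Select-Object -Skip 1 |
                 ForEach-Object { $_.Certificate.Thumbprint })
    [pscustomobject]@{
        File       = $path
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        SignedByCa = $built -and ($issuers -contains $ca.Thumbprint)
    }
}
$results | Format-Table -AutoSize

# Every firewall should have its own certificate: flag any thumbprint seen twice.
$results | Group-Object Thumbprint | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning "Certificate $($_.Name) is used by more than one file: $($_.Group.File -join ', ')"
}
$results | Where-Object { -not $_.SignedByCa } | ForEach-Object {
    Write-Warning "$($_.File) does not chain to the CA in $CaPath"
}
```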