4.1.3.1. Procedure – Encrypting the communication between PNS and the Authentication Agent on Microsoft Windows platforms

Purpose: 

To enable encryption between PNS and the Authentication Agent, complete the following steps. For details on the steps that are performed in the Management Console (MC), see Chapter 11, Key and certificate management in PNS in Proxedo Network Security Suite 2 Administrator Guide.

Steps: 

  1. Create a CA (for example, AA_CA) using the Management Console (MC). This CA will be used to sign the certificates shown by the PNS firewalls to the Authentication Agents.

  2. Export the CA certificate into DER format.

  3. Generate certificate request(s) for the PNS firewall(s) and sign them with the CA created in Step 1.

    Note

    Each firewall shall have its own certificate. Do not forget to set the firewall as the Owner host of the certificate.

  4. Distribute the certificates to the firewalls.

  5. Install the Authentication Agent (AA) application on the workstations, and import the CA certificate exported in Step 2 on each machine.

    There are three ways to import the CA certificate:

    1. Import the CA certificate by using the installer of the Authentication Agent.

    2. Import the CA certificate manually by using the addcert and getcert programs (see Procedure 4.1.3.2, Importing the CA certificate manually).

    3. You can also import the CA certificate by using the Microsoft Management Console (see Procedure 4.1.3.3, Importing the CA certificate using Microsoft Management Console (MMC)).

  6. Create the appropriate outband authentication policies in MC and reference them among the services of PNS. See Chapter 15, Connection authentication and authorization in Proxedo Network Security Suite 2 Administrator Guide for details.
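Before distributing the files from Steps 2 to 5, the exported CA certificate and the firewall certificates can be checked on any Windows machine. The following PowerShell script is an added example, not part of the Proxedo documentation or tooling: it confirms that the export is DER-encoded, that it is a CA certificate, that every firewall certificate chains to it, and that no two firewalls share a certificate. The file names are placeholders, the CA is assumed to be a self-signed root, and revocation is not checked.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Placeholder file names (assumptions): the DER export from Step 2 and the
# signed firewall certificates from Step 3, saved as files.
$CaPath        = '.\AA_CA.der'
$FirewallCerts = @('.\fw1.crt', '.\fw2.crt')
$ErrorActionPreference = 'Stop'

# Step 2: the export must be binary DER. DER begins with an ASN.1 SEQUENCE
# tag (0x30); a PEM export begins with '-----BEGIN' (0x2D).
$caBytes = [System.IO.File]::ReadAllBytes((Resolve-Path $CaPath).Path)
if ($caBytes[0] -ne 0x30) { throw "$CaPath is not DER-encoded" }
$ca = [X509Certificate2]::new($caBytes)

# The file imported on the workstations must be a CA certificate, not a leaf.
$bc = $ca.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw "$CaPath has no basicConstraints CA:TRUE"
}

$seen = @{}
$report = foreach ($path in $FirewallCerts) {
    $fw = [X509Certificate2]::new((Resolve-Path $path).Path)

    # Step 3 note: each firewall has its own certificate, so no thumbprint repeats.
    if ($seen.ContainsKey($fw.Thumbprint)) {
        throw "$path repeats the certificate in $($seen[$fw.Thumbprint])"
    }
    $seen[$fw.Thumbprint] = $path

    # Build the chain with the exported CA as extra input. The CA may not be in
    # the Windows trust store on this machine, so an unknown root is tolerated
    # and the chain root is compared with the exported CA explicitly
    # (assumption: the CA from Step 1 is a self-signed root).
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode    = [X509RevocationMode]::NoCheck
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    [void]$chain.ChainPolicy.ExtraStore.Add($ca)
    $ok   = $chain.Build($fw)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if (-not $ok -or $root.Thumbprint -ne $ca.Thumbprint) {
        throw "$path does not chain to $($ca.Subject)"
    }
    [pscustomobject]@{ File = $path; Subject = $fw.Subject; NotAfter = $fw.NotAfter; Thumbprint = $fw.Thumbprint }
}
$report | Format-Table -AutoSize
```

The script stops at the first file that fails a check; the Owner host setting from the note in Step 3 exists only in MC and is not covered by it.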