4.1.3.1. Procedure – Encrypting the communication between Zorp and the Zorp Authentication Agent on Microsoft Windows platforms

Purpose: 

To enable encryption between Zorp and the Zorp Authentication Agent, complete the following steps. For the steps to be completed from Zorp Management Console (ZMC), see Chapter 11, Key and certificate management in Zorp in Zorp Professional 7 Administrator Guide.

Steps: 

  1. Create a CA (for example, ZAA_CA) using the Zorp Management Console (ZMC). This CA will be used to sign the certificates shown by the Zorp firewalls to the Authentication Agents.

  2. Export the CA certificate into DER format.

  3. Generate certificate request(s) for the Zorp firewall(s) and sign them with the CA created in Step 1.

    Note

    Each firewall must have its own certificate. Do not forget to set the firewall as the Owner host of the certificate.

  4. Distribute the certificates to the firewalls.

  5. Install the Zorp Authentication Agent (ZAA) application on the workstations and import the CA certificate exported in Step 2 on each machine.

    There are three ways to import the CA certificate:

    1. Import the CA certificate by using the installer of the Zorp Authentication Agent.

    2. Import the CA certificate manually by using the addcert and getcert programs (see Procedure 4.1.3.2, Importing the CA certificate manually).

    3. Import the CA certificate by using the Microsoft Management Console (see Procedure 4.1.3.3, Importing the CA certificate using Microsoft Management Console (MMC)).

  6. Create the appropriate outband authentication policies in ZMC and reference them among the services of Zorp. See Chapter 15, Connection authentication and authorization in Zorp Professional 7 Administrator Guide for details.
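The following Go program is an added illustration of the trust relationship the steps above set up; it is not Zorp or ZAA code and uses Go's standard crypto/x509 package in place of ZMC. It creates a CA named ZAA_CA (Step 1), exports the CA certificate as DER (Step 2), issues a separate certificate per firewall signed by that CA (Step 3, with the firewall's hostname in the Subject Alternative Name), and then performs the check a workstation that has imported the DER file would make: the certificate shown by the firewall must chain to ZAA_CA and must belong to the firewall being contacted. The hostnames, key type and validity periods are assumptions chosen for the example; how ZAA itself stores and validates the certificate is not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Example code, not Zorp's own. Hostnames and key parameters are assumptions.

type caBundle struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// newCA creates a self-signed CA certificate, the equivalent of Step 1 (ZAA_CA).
func newCA(name string) (*caBundle, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &caBundle{cert: cert, key: key}, nil
}

// exportCADER returns the CA certificate in DER encoding (Step 2), the form
// that is imported on each workstation. The CA private key is never exported.
func (ca *caBundle) exportCADER() []byte {
	return ca.cert.Raw
}

// issueFirewallCert signs one server certificate for one firewall (Step 3).
// The firewall's own hostname goes into the SAN so the agent can tie the
// certificate to the host it is talking to; each firewall gets its own.
func (ca *caBundle) issueFirewallCert(hostname string, serial int64) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The firewall's private key would stay on the firewall; it is dropped here.
	return x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key)
}

// agentVerify is the workstation-side check: the presented certificate must
// chain to the imported CA (DER) and must name the firewall being contacted.
// A certificate from any other CA, or issued to a different firewall, fails.
func agentVerify(caDER, fwDER []byte, expectedHost string) error {
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return err
	}
	fwCert, err := x509.ParseCertificate(fwDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err = fwCert.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   expectedHost,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	ca, err := newCA("ZAA_CA")
	if err != nil {
		panic(err)
	}
	caDER := ca.exportCADER() // what gets distributed to the workstations
	fw1, _ := ca.issueFirewallCert("fw1.example.internal", 1001) // constructed hostname
	fmt.Println("fw1 cert presented by fw1:", agentVerify(caDER, fw1, "fw1.example.internal"))
	fmt.Println("fw1 cert presented as fw2:", agentVerify(caDER, fw1, "fw2.example.internal"))
	other, _ := newCA("Some other CA")
	foreign, _ := other.issueFirewallCert("fw1.example.internal", 1)
	fmt.Println("cert from a CA not imported:", agentVerify(caDER, foreign, "fw1.example.internal"))
}
```

The two failing cases in main are the ones the procedure's note and Step 2 guard against: reusing one firewall's certificate on another firewall is rejected because the hostname is pinned in the SAN, and a certificate from a CA the workstation never imported is rejected regardless of its hostname.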