To configure certificate authentication, you need to complete a number of steps on each storage system and Windows client that will be participating in IPsec communications.
Steps
- Request a signed certificate from a certificate authority.
  You can request a signed certificate from a Windows 2000 certificate authority or from a non-Windows-2000 certificate authority.
- Install the signed certificate.
  The proper installation method depends on whether the certificate was signed by a certificate authority and whether you are installing the certificate on a storage system or a Windows client.
- Download and install one or more root certificates.
  Your storage system or Windows client can establish an IPsec connection with any other storage system or Windows client that uses a certificate signed by a certificate authority that you trust. To specify that you trust a specific certificate authority, you should install that certificate authority's root certificate. Then, you can optionally specify a subset of 1 to 15 certificates that Data ONTAP should use for certificate authentication.
- Enable the IPsec certificate authentication mechanism.
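
The trust rule in the root-certificate step, and a check worth running before installing a signed certificate, shown as an added example that is not part of the original documentation. It uses the OpenSSL command-line tool rather than Data ONTAP or Windows commands, and every CA name, host name and file name in it is constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs and two hosts, all names made up.
set -eu

make_ca() {      # $1 = CA name; writes $1.key and self-signed root $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1 Example Root" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = host name, $2 = CA name
    # Host side: generate a key pair and a certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    # CA side: sign the request and return the signed certificate.
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 30 -out "$1.pem" 2>/dev/null
}

chains_to() {    # $1 = host certificate, $2 = root certificate you trust
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

key_matches() {  # $1 = signed certificate, $2 = private key behind the request
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

cd "$(mktemp -d)"
make_ca trusted            # the CA whose root certificate is installed
make_ca other              # a CA whose root certificate is not installed
issue_cert filer1 trusted
issue_cert host2 other

# Pre-install check: the returned certificate belongs to this host's key.
if key_matches filer1.pem filer1.key; then
    echo "filer1: certificate matches its private key"
fi

# Peer check: only certificates signed by a trusted CA are accepted.
for h in filer1 host2; do
    if chains_to "$h.pem" trusted.pem; then
        echo "$h: chains to trusted root"
    else
        echo "$h: rejected, signer is not a trusted CA"
    fi
done
```
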