Carnegie Mellon University Website Home Page
 

About VPN Certificates

The VPN certificate contains a unique key that the VPN server uses to identify you. When you establish a VPN connection, the VPN server examines your certificate and key to authenticate your identity before authorizing your connection.

VPN certificates are tied to the VPN subnet under which you are registered (e.g., Library or General). The subnet determines which restricted services you are able to access and which traffic is tunneled through the VPN. For example, when you connect using the Library subnet, ALL internet traffic is tunneled through the VPN. The General subnet, however, tunnels only restricted traffic through the VPN.

Certificate Authority (CA) and Registration Authority (RA) Certificates

When you download and import a certificate from NetReg, two certificates are actually copied to your machine. A copy of the server root certificate is placed in the CA (Certificate Authority) store in the VPN client, and a copy of the client or personal certificate is placed in the Cisco Store in the VPN client. A "store" is the location on your computer where certificates are kept. To see all certificates stored on your computer, launch the Cisco VPN client and select the Certificates tab. Then, select Certificates > Show CA/RA Certificates.

Each VPN or subnet requires one copy of the corresponding root certificate on your machine (e.g., vpn user ca for the vpn-general users subnet; vpn acis ca for the vpn-acis services subnet). If you imported multiple certificates for the same subnet (e.g., vpn-general), you might also have multiple personal certificates for that subnet. Even in that case, only one copy of the root certificate resides on your machine.

If you delete a personal certificate and it is the only one in that VPN network/subnet (i.e., vpn general or acis services), you should also delete the corresponding root certificate.

Last Updated: 12/11/07