Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Documentation Index
Networking
VPN
VPN Certificates
About VPN Certificates
Manage VPN Certificates
Renew Certificates
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Manage VPN Certificates

Changing your connection password

Use the following procedure to change the "connection" password you created for your VPN connection.

Note: This is not the "import" password that you created in NetReg.

  1. Select Certificates > Change Certificate Password.
  2. Enter the current (old) password.
  3. Type your new password.
  4. Next, you are asked to type your new password again.
  5. The password for the certificate will be changed. Now when you connect to the VPN service, use your new password when prompted.

Deleting a certificate via the VPN client

When you delete a certificate via the Cisco VPN client, it is removed from your machine only. You should also revoke the certificate in NetReg if it is no longer needed.

When should a certificate be deleted?

  • If a certificate is revoked via NetReg, it should be deleted from your machine as well.
  • If your machine is being transferred or discarded.
  • If the owner of the certificate no longer needs to use the vpn service.
  • If the certificate is reaching its expiration date you have generated a new certificate.

How to delete a certificate

  1. Launch the Cisco VPN client and select the Certificates tab.
  2. Select the certificate that you want to delete and select Certificates > Delete.
  3. You are prompted to enter the Certificate Password. This is the "connection" password NOT the "import" password
    • If you did NOT assign a "connection" password to this certificate, leave this field blank and click OK.
    • If you assigned a "connection" password to the certificate, type the password and click OK.
  4. Confirm that you want to delete the certificate by clicking Delete.

Revoking a certificate via NetReg

When you revoke a certificate, it is no longer registered for use via the NetReg system. Even though it may still reside on a machine, it will no longer be valid to connect to the VPN service.

When should a certificate be revoked?

  • If your machine is lost or stolen.
  • If, as an administrator, you issued a certificate on a temporary basis and it needs to be terminated before the expiration date.
  • If the machine containing the certificate is transferred to another owner or discarded and the certificate was not removed from the machine.
  • If your certificate is about to expire and you need to generate and download a new certificate.

How to revoke a certificate

  1. Go to http://netreg.net.cmu.edu/
  2. Review the information provided on the Network Registration page and click Enter at the bottom of the display.
  3. Log in at the WebISO screen using your Andrew userID and password. The Network Registration page displays.
  4. Click the VPN Host name for the certificate you would like to revoke.
  5. Under the Machine Information title bar, click the Manage Certificates link.
  6. The status information for the certificate displays. Under the Revoke Certificate column, click the Revoke Certificate link.
  7. The status page redisplays and the certificate status is now "revoked".

Last updated: 12/11/07