1: MFD should be Upgraded with the latest build. 2: MFD, Windows client and linux CA server are in the same subnet. 3: From Windows 2008 server, generate MFD device certificate, Peer device certificate and trusted root certificate 4: Upload MFD device certificate under "CA-Signed Device Certificate(s)" page in MFD. 5: Upload trusted root certificate generated from the Windows server into Trusted root certificates page in MFD. 6: In the Linux server, copy the Peer device certificate generated from Windows CA under /etc/strongswan/ipsec.d/certs folder and Trusted root certificate generated from Windows 2008 server onto /etc/strongswan/ipsec.d/cacerts folder. 7:Wireshark is installed in the Linux server PC. 8: User is currently in IPSec by navigating through Properties -- Security-- IPsec. 9: HTTP should be configured in the MFD.
FILES: AUTOMATION_GROUP: AUTOMATABLE: ACTION_TO_BE_DONE: CONSTRAINTS_DAR: IMP_98: High Level check\ Remarks: \ Owner: RadhaMadhuri TESTCASE_MODIFICATION_REQUIRED: MFF: SPEC: FS 41.005 IPSec TESTCASE_FAMILY: HISTORY: REASON_FOR_AUTOMATABLE: CDATE: 1685716971 TESTCASE_APPROVALS: TESTCASE_STATE: OUTPUT:Open the web page using the ip address of the device. ESP packets are listed once the IPsec connection is established. This confirms that the IKE digital signature authentication supports certificate trust configuration where CA and peer device certificates and trusted CA certificates used are generated by one common CA.; ; ;
RESOURCE_HW: MDATE: 1685716971, 1685733740 APPROVED_SPAR: TEST_CASE_TYPE: TC_WORK_LOCATION_CAT: work_from_home_with_office_support_tc AUTHOR: q3SJKS2P GROUP: MUSER: q3SJKS2P, q3SJKS2P SPEC_TAG: [41.005.168] (FT-21100) [D3.7 - *] For IKE digital signature authentication, the MFD shall support the following certificate trust configurations. [This is for one common Windows CA signing both MFD and peer Linux device and CA certificates ] SPEC_NUM: PROCEDURE:1.Under IPsec page; Click on "Host Groups "tab and click on "ADD New Host Group" button to open "NEW HOST GROUP" page. Provide "HTTP" as Name under Group name. 2.Select IPv4 radio button and select "Specific" under Address Type and provide the IPv4 address of the Linux PC under IP address and save the settings. 3.Click on "Protocol Groups" tab and click on "ADD New Protocol Group" button to open "NEW Protocol GROUP" page and Provide "HTTP Group" as the "Group Name" select "HTTP " and "HTTPS" under the list of protocols and save the settings. 4.Under Actions tab; click on "Add New Action" button to create a new action . 5.Provide a name for this action and select IKE as the Keying Method and select Digital Signature Authentication Option and from the Peer Validation Certificates drop down ; Select the Root CA certificate and Click on next button. 6.Give key life time for phase1 as 24 hours and DH Group as group 14; IPSEC Security as ESP and phase2 lifetime as 24 hours perfect forward secracy as
None.
7.Hash algorithm as SHA256 and AES-128/256 as encryption and save the settings. Under the Security policies tab. 8.select the host group created in step2 above and select the protocol group created in step4 and select the action created in step5 and click on ADDpolicy button to add the policy. Server Configuration: 9.Strongswan is installed in the linux PC. 10. Create a macthing policy in the linux server using strongswan.