Method and apparatus for implementing secure VPN access via modified certificate strings

摘要

A mobile or other device (10) connects to a server via a publicly accessible network (14) such as the Internet. After installation upon the device, a virtual private network (VPN) client connects to the server (20) and downloads a VPN profile. In one embodiment the device creates public/private key pairs and requests enrollment of a digital certificate. In another embodiment a digital certificate and public/private key pairs are provided. The device also receives a digital certificate from the server (20) and verifies the server certificate by requesting the user to supply a portion of a fingerprint for the certificate. The invention further includes an automatic content updating (ACU) client that downloads a user profile for the VPN, requests certificate enrollment, and updates the VPN client and other applications when new content is available. A security service manager (SSM)(20) server includes, or is in communication with, a Web server (90), multiple databases (98), an enrollment gateway (22) and an internal certification authority (CA)(28). A VPN policy manager (26) application creates and manages VPN profiles and/or policies and communicates with the SSM server (20). The SSM server (22), which may reside on an enterprise intranet, may further communicate with one or more external CAs (28).