NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0140:  FCS_IPSEC_EXT.1.12, Test 1 - Importing of Private Key and Certificate

Publication Date

Protection Profiles

Other References

Issue Description

The FCS_IPSEC_EXT.1.12 Test Assurance Activity requires the evaluator to generate a CSR using the TOE/platform for use during testing.  However, most VPN clients for mobile devices are not designed to issue their own CSRs, and CSR-issuing functionality is not required or directly available to users to meet the MDF PP (so CSR issuance isn't necessarily available on an evaluated mobile device).


For FCS_IPSEC_EXT.1.12, the Assurance Activity for Test 1 has been updated as follows:

Test 1: The evaluator shall have the TOE/platform generate a public-private key pair, and submit a CSR (Certificate Signing Request) to a CA (trusted by both the TOE/platform and the peer VPN used to establish a connection) for its signature. The values for the DN (Common Name, Organization, Organizational Unit, and Country) will also be passed in the request. Alternatively, the evaluator may import to the TOE/platform a previously generated private key and corresponding certificate.


Not all TOE platforms will be able to generate certificate requests, therefore the Test AA was updated to allow the option of importing a private key and certificate.

Site Map              Contact Us              Home