Import an externally signed VPN gateway certificate

You can import a certificate signed by an external certificate issuer for a VPN Gateway element when the certificate request has been created in the SMC.

For security reasons, it is not possible to import externally generated private keys.
Note: All CAs that issue certificates for your VPNs must be configured in the SMC and be included as trusted both at the gateway and VPN Profile levels.

  For more details about the product and how to configure features, click Help or press F1.


  1. Select Configuration, then browse to SD-WAN.
  2. Open the Gateways branch and expand the tree under the VPN Gateway element.
  3. Right-click the certificate request and select Import Certificate.
  4. Select the certificate authority that signed the certificate.
  5. Browse to the certificate request file on your local workstation or copy and paste the content of the certificate request into the dialog box.
    If you copy and paste the certificate request, include the“Begin Certificate Request” header and the “End Certificate Request” footer.
  6. After the signed certificate is imported, delete the certificate request, which is still displayed under the Gateway with the signed certificate.
    The certificate is transferred to the engine automatically.

Import Certificate dialog box

Use this dialog box to import an externally signed certificate.

Option Definition
From File Allows you to import a certificate from a file on your computer.
Browse Allows you to select the file to import.
As Text Allows you to paste the contents of the certificate as text in the text field.