Export signed VPN gateway certificates or VPN certificate authority certificates

You can export signed gateway certificates, the certificates of the Internal RSA CA for Gateways, and the certificates of the Internal ECDSA CA for Gateways.

Before you begin

You must have a signed certificate or a new internal VPN CA.

In most cases, it is not necessary to export signed VPN gateway certificates or VPN certificate authority certificates, but can be done as needed.

If the SMC has created a new Internal RSA CA for Gateways or Internal ECDSA CA for Gateways to replace an expiring default certificate authority, you must export the certificate of the new default certificate authority. You must import the certificate on external gateways that use certificates signed by the default certificate authority or communicate with gateways that use certificates signed by the default certificate authority. If the external gateway itself uses a certificate signed by the default certificate authority, you must also create a new certificate for the external gateway.

You must export certificates that are created when an internal certificate authority signs an external certificate request at the time of signing the certificate request. They are not stored for exporting later.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. To export a signed certificate, follow these steps.
    1. Select Configuration, then browse to SD-WAN.
    2. Browse to Other Elements > Certificates > Gateway Certificates.
    3. Right-click a certificate and select Export Certificate.
    4. Browse to the location where you want to save the file on your local workstation and click Save.
  2. To export the certificate of an internal CA for gateways, follow these steps.
    1. Select Configuration, then browse to SD-WAN.
    2. Browse to Other Elements > Certificates > VPN Certificate Authorities.
    3. Right-click a VPN Certificate Authority element, then select Tools > Export Certificate.
    4. Browse to the location where you want to save the file on your local workstation and click Save.

      If the external gateway uses a certificate signed by the internal certificate authority that has been renewed, you must create a new certificate for the external gateway.