Sign external VPN certificate requests with an internal certificate authority
You can use an internal certificate authority to sign VPN certificate requests for VPN clients and internal VPN gateways.
Before you begin
For VPN clients, you must have a PKCS#10 certificate request file in PEM format. For internal VPN gateways, you must have already generated a certificate request.
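A pre-flight check for the request file described above, added here as an example that is not part of the product documentation. It confirms the PEM header and footer are present and that the decoded body has the outer shape of a PKCS#10 request. The function names and the sample request are constructed for illustration, and the check does not verify the request's key or signature.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE REQUEST-----\s*(.+?)\s*-----END CERTIFICATE REQUEST-----",
    re.DOTALL)

def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length

def check_csr_pem(text):
    """Return a list of problems; empty means PEM framing and outer DER look like PKCS#10."""
    m = PEM_RE.search(text)
    if not m:
        return ["missing BEGIN/END CERTIFICATE REQUEST header or footer"]
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        tag, pos, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return ["outer element is not a single DER SEQUENCE"]
        tags = []
        while pos < end:  # walk the top-level fields
            t, _, pos = read_tlv(der, pos)
            tags.append(t)
    except (ValueError, IndexError):
        return ["body is not valid base64-encoded DER"]
    # CertificationRequest ::= SEQUENCE { info SEQUENCE, sigAlg SEQUENCE, signature BIT STRING }
    if tags != [0x30, 0x30, 0x03]:
        return ["top-level fields do not match a PKCS#10 CertificationRequest"]
    return []

def tlv(tag, value):  # short-form DER encoder, used only to build the sample
    return bytes([tag, len(value)]) + value

def to_pem(der):  # wrap DER bytes in the request header and footer
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE REQUEST-----\n")

# Constructed skeleton (dummy fields and signature), only to exercise the checks.
SAMPLE = to_pem(tlv(0x30, tlv(0x30, tlv(0x02, b"\x00")) + tlv(0x30, tlv(0x05, b""))
                    + tlv(0x03, b"\x00" + b"\x01" * 8)))

if __name__ == "__main__":
    print(check_csr_pem(SAMPLE) or "looks like a PEM PKCS#10 request")
```

Run the same check on text before pasting it into the As Text box, where a missing header or footer is the most common copy error.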
The SMC’s Internal RSA CA for Gateways and Internal ECDSA CA for Gateways can be used to sign external certificate requests. You can also use an internal certificate authority to sign any certificate request that is in the supported format (PKCS#10 certificate requests in PEM format). An alternative is to configure the Internal Gateway to accept an externally signed certificate by defining the external certificate issuer as trusted.
There can be multiple valid Internal CAs for Gateways in the following cases:
- There is both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways.
- The Internal CA for Gateways is in the process of being renewed and both the previous CA and the new CA are temporarily available.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Select Configuration, then browse to SD-WAN.
- Sign VPN Client certificates.
- Sign certificate requests for internal VPN gateways.
Sign VPN Client Certificate dialog box
Use this dialog box to sign VPN Client Certificates.
Option | Definition |
---|---|
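Sign with | If more than one valid internal certificate authority is available, select which internal CA signs the certificate request. There can be multiple valid Internal CAs for Gateways in the following cases: there is both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways, or the Internal CA for Gateways is in the process of being renewed and both the previous CA and the new CA are temporarily available. |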
From File | Specifies the path to the file. |
Browse | Browse to the certificate request file on your local workstation. |
As Text | Use this text box to copy and paste the content of the certificate request into the dialog (including the "Begin Certificate Request" header and the "End Certificate Request" footer). |
Sign | The certificate is signed and the Export Certificate dialog opens. |
Sign Certificate Request dialog box
Use this dialog box to sign certificate requests for internal VPN gateways.
Option | Definition |
---|---|
Sign With | If more than one valid internal certificate authority is available, allows you to select which internal CA signs the certificate request. |
Sign | Signs the certificate using the selected CA, then closes the window. |