VPN certificate configuration overview
Configuring VPN certificates involves several main steps.
- (Optional) If you want to use certificates that are signed by some external certificate authority (CA), define the CA in the Management Client.
- (Optional) If you want to use an Internal ECDSA CA for Gateways to sign certificates, create an Internal ECDSA CA for Gateways.
- (Optional) If you have both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways, select which CA is the default.
- Start by creating a VPN certificate or certificate request for a VPN Gateway in the following cases:
- To use an externally signed certificate.
- To use a DSA certificate.
- If automated RSA certificate management is disabled for gateways.
- (For externally signed certificates) When the certificate is signed, import the certificate.
- Select a certificate-based Authentication Method on the IKE SA tab of the VPN Profile.