Create a VPN certificate or certificate request for a VPN Gateway element
You can create a certificate request and sign it either using an Internal CA for Gateways or an external certificate authority (CA).
If automated RSA certificate management is active for the VPN Gateway, these steps are necessary only in the following cases:
- You have both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways. Only the default CA is used in automated RSA certificate management. You must manually create and renew any certificates that are not signed by the default CA.
- You want to use DSA certificates.
- You want to create a certificate request to be signed by an external CA.
Steps
VPN Certificate Request Properties dialog box
Use this dialog box to view the properties of a VPN certificate request, export a VPN certificate request, or import a signed certificate.
Option | Definition |
---|---|
General tab | |
Subject Name | Shows the identifier of the certified entity. Not editable. |
Request Type | Shows the requested type of certificate and the message digest algorithm. Not editable. |
Key Length | Shows the requested key length. Not editable. |
Gateway | Shows the VPN Gateway element for which the certificate request was generated. Not editable. |
Sign Internally with | Clicking the link signs the certificate using the default internal certificate authority, |
Export | Clicking the link exports the certificate request so that you can sign it using an external certificate authority. Opens the Export Certificate Request dialog box. |
Import Certificate | Clicking the link allows you to import a signed certificate. Opens the Import Certificate dialog box. |
Certificate tab | |
Certificate text area | Shows the certificate request as text. You can copy and paste the certificate request into an external application to sign the certificate. The field is not editable. |
Generate Certificate dialog box
Use this dialog box to generate a certificate for a VPN Gateway element.
Option | Definition |
---|---|
Organization (O) (Optional) | The name of your organization as it should appear in the certificate. |
Organizational Unit (OU) (Optional) | The name of your department or division as it should appear in the certificate. |
Country/Region (C) (Optional) | Standard two-character country code for the country of your organization. |
State/Province (ST) (Optional) | The name of state or province as it should appear in the certificate. |
Locality (L) (Optional) | The name of the city or locality as it should appear in the certificate. |
Common Name (CN) | The fully qualified domain name (FQDN) of the authentication page as it should appear in the certificate. |
Public Key Algorithm | Select the public key algorithm according to the requirements of your organization. |
Sign | |
With External Certificate Authority | Select this option if you want to create a certificate request that another certificate authority signs. |
Internally with | Select this option to sign the certificate using an Internal CA for Gateways. If more than one valid internal certificate authority is available, select the internal CA that signs the certificate request. There can be multiple valid Internal CAs for Gateways in the following cases: |
Key Length | Length of the key for the generated public-private key pair. The default is 2048 bits. |
Gateway | Shows the selected gateway element. Not editable. |
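
Before an external CA signs a request exported from the VPN Certificate Request Properties dialog box, it is worth confirming that the request is intact and carries the subject and key that were entered. The following is an added example, not part of the product documentation. It assumes the OpenSSL command-line tool, a PEM-encoded request file, and a local policy of RSA keys of at least 2048 bits (the default key length in the dialog box); the function names and the sample subject are hypothetical.

```shell
#!/bin/sh
# Added example: review an exported VPN certificate request before signing.
# Assumption: the request was exported as a PEM file.

# audit_csr FILE EXPECTED_CN [MIN_RSA_BITS]
# Returns 0 only if the request is self-consistent and matches local policy.
audit_csr() {
  local csr=$1 want_cn=$2 min_bits=${3:-2048} text subject algo bits
  [ -r "$csr" ] || { echo "cannot read $csr" >&2; return 1; }

  # 1. Self-signature: shows the requester holds the private key and the
  #    request was not altered after export. Match the message, because the
  #    exit status on failure differs between OpenSSL releases.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -qi 'verify ok' \
    || { echo "self-signature check failed" >&2; return 1; }

  # 2. Subject: the Common Name must be the one entered in the dialog box.
  #    (Splitting on commas does not handle escaped commas in name values.)
  subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 \
    | sed 's/^subject= *//')
  printf '%s\n' "$subject" | tr ',' '\n' | grep -qxF "CN=$want_cn" \
    || { echo "unexpected subject: $subject" >&2; return 1; }

  # 3. Key: this sketch only defines a policy for RSA requests.
  text=$(openssl req -in "$csr" -noout -text)
  algo=$(printf '%s\n' "$text" \
    | sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
  [ "$algo" = "rsaEncryption" ] || { echo "no policy for $algo" >&2; return 1; }
  bits=$(printf '%s\n' "$text" \
    | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] \
    || { echo "RSA key is ${bits:-?} bits, need $min_bits" >&2; return 1; }

  echo "OK: $subject, RSA $bits bits"
}

# Constructed sample request, standing in for a file exported from the dialog.
make_sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout "$1/gw.key" \
    -out "$1/gw.csr" -subj "/O=Example Corp/CN=vpn-gw.example.com" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_csr "$demo_dir" && audit_csr "$demo_dir/gw.csr" vpn-gw.example.com
rm -rf "$demo_dir"
```

Requests that use ECDSA or DSA keys are rejected by this sketch rather than silently accepted, so a policy for those algorithms has to be added before it is used with them.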