Select which internal certificate authority signs each certificate

When there is more than one valid CA, you can select which CA signs each certificate.

The Management Server includes a dedicated Internal RSA CA for Gateways for signing VPN certificates. You can optionally also create an Internal ECDSA CA for Gateways. If you have both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways, only one certificate authority can be selected as the default certificate authority. If you want to sign a certificate with the certificate authority that is not the default CA, you must select which Internal CA for Gateways you want to use.

The Internal RSA CA for Gateways and the Internal ECDSA CA for Gateways are each valid for 10 years. A new Internal RSA CA for Gateways or Internal ECDSA CA for Gateways is automatically created to replace the default certificate authority six months before the expiration date. The certificate authority that is not selected as the default certificate authority is not automatically renewed; you must renew it manually.

If the default certificate authority is in the process of being renewed, there is temporarily an extra valid Internal CA for Gateways. In this case, select the new Internal CA for Gateways to sign the certificate.


Steps

  1. In the Certificate Properties dialog box, select Other in the Internally with field.
  2. (Optional) To make sure that you are selecting the correct Internal CA for Gateways, right-click the Internal CA for Gateways, select Properties, then check the following information:
    • Validity information in the Valid from and Valid to fields
    • Status information
  3. Select the CA you want to use and click Select.
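
The selection rules above can be checked against a hand-kept CA inventory. The following is an added example, not part of the product or its documentation: the record fields, CA names and dates are constructed, the values are assumed to be copied from the Valid from and Valid to fields of each CA's Properties dialog, and six months is approximated as 183 days.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class GatewayCA:
    name: str         # constructed label, not a real SMC element name
    algorithm: str    # "RSA" or "ECDSA"
    valid_from: date  # copied from the Valid from field
    valid_to: date    # copied from the Valid to field

# Constructed inventory: the RSA CA is mid-renewal, so two valid RSA CAs overlap.
INVENTORY = [
    GatewayCA("rsa-ca-old", "RSA", date(2015, 3, 1), date(2025, 3, 1)),
    GatewayCA("rsa-ca-new", "RSA", date(2024, 9, 1), date(2034, 9, 1)),
    GatewayCA("ecdsa-ca", "ECDSA", date(2015, 6, 1), date(2025, 6, 1)),
]

def valid_cas(cas, today):
    """CAs whose validity window contains today."""
    return [ca for ca in cas if ca.valid_from <= today <= ca.valid_to]

def pick_signing_ca(cas, algorithm, today):
    """Return the valid CA of the wanted type; during a renewal overlap, the new one."""
    candidates = [ca for ca in valid_cas(cas, today) if ca.algorithm == algorithm]
    if not candidates:
        raise LookupError(f"no valid {algorithm} CA on {today}")
    # The renewed CA has the later start of validity.
    return max(candidates, key=lambda ca: ca.valid_from)

def needs_manual_renewal(cas, default_algorithm, today, window=timedelta(days=183)):
    """Valid CAs of the non-default type close to expiry; these are not auto-renewed."""
    return [ca for ca in valid_cas(cas, today)
            if ca.algorithm != default_algorithm and ca.valid_to - today <= window]

if __name__ == "__main__":
    today = date(2025, 1, 15)  # constructed audit date
    print("sign RSA certificates with:", pick_signing_ca(INVENTORY, "RSA", today).name)
    print("renew manually:", [ca.name for ca in needs_manual_renewal(INVENTORY, "RSA", today)])
```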

Properties dialog box (VPN Certificate)

Use this dialog box to define the properties of a VPN Certificate.

Option                   Definition

General tab
Subject Name             The identifier of the certified entity.
Public Key Algorithm     The algorithm used for the public key.
Key Length               Shows the length of the key in bits.
Signature Algorithm      Shows the signature algorithm that was used to sign the certificate.
Signed By                Shows the CA that signed the certificate.
SubjectAltName           The subject alternative name fields of the certificate.
Valid From               Shows the start date of certificate validity.
Valid To                 Shows the end date of certificate validity.
Fingerprint (SHA-1)      Shows the certificate fingerprint using the SHA-1 algorithm.
Fingerprint (MD5)        Shows the certificate fingerprint using the MD5 algorithm.
Fingerprint (SHA-512)    Shows the certificate fingerprint using the SHA-512 algorithm.
Gateway                  The VPN gateway used.

Certificate tab
Certificate text area    Shows the text of the certificate. The field is not editable.