Managing Installed Certificates
On the Installed Certificates page, you can create and manage appliance certificates or upload a P12 certificate. Uploaded certificates and the default certificates are displayed in a table. To see certificate details, click the certificate name.
You can upload a certificate signed by an intermediate CA or root CA. All intermediate and root CAs found in the P12 file are automatically uploaded to the trusted CAs list.
Note - This page is available from the Device and VPN tabs.
On the VPN Remote Access Blade Control page, after you enable the SSL VPN feature, you can select and assign a certificate from the list of the installed certificates (with the exception of the Default Web Portal certificate). You can also do this on the Remote Access Advanced tab.
On the Device > Device Details page, you can select and assign a Web portal certificate from the list of installed certificates (with the exception of the Default certificate).
Installed certificates are used in site-to-site VPN, SSL VPN, and the Web portal.
When Cloud Services is turned on and the appliance is configured by Cloud Services, the Cloud Services Provider certificate is downloaded automatically to the appliance. The Cloud Services Provider certificate is used by community members configured by Cloud Services.
Note - If you turn Cloud Services off, the Cloud Services Provider certificate is removed.
These are the steps to create a signed certificate:
- Create a signing request.
- Export the signing request (download the signing request from the appliance).
- Send the signing request to the CA.
- When you receive the signed certificate from the CA, upload it to the appliance.
To create a new certificate to be signed by a CA:
- Click New Signing Request. The New Certificate Request window opens.
- Enter a Certificate name.
- In Subject DN, enter a distinguished name (for example, CN=myGateway).
- Optional - To add alternate names for the certificate, click New. Select the Type, enter the Alternate name, and click Apply.
- Click Generate.
The new signing request is added to the table and the status shows "Waiting for signed certificate".
Note - You cannot edit the request after it is created.
If the new signing request is signed by the Internal CA and the Organization Name is not defined in the DN, the Internal CA automatically generates the Organization Name.
To export the signing request:
Click Export.
To upload the signed certificate after you receive it from the CA:
- Select the signing request entry from the table.
- Click Upload Signed Certificate.
- Browse to the signed certificate file (*.crt).
- Click Complete.
The status of the installed certificate record changes from "Waiting for signed certificate" to "Verified".
To upload a P12 file:
- Click Upload P12 Certificate.
- Browse to the file.
- Edit the Certificate name if necessary.
- Enter the certificate password.
- Click Apply.
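Because every intermediate and root CA found in a P12 file is added to the trusted CAs list on upload, it helps to check what the file contains first. The script below is an added example, not part of the vendor documentation; it assumes the OpenSSL command-line tool on an administrator workstation, and the function names `split_pem`, `cert_field` and `p12_audit` are chosen here.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): list the certificates inside a PKCS#12 file
# and mark the CA certificates, which the appliance adds to its trusted CAs list.
# Run on an admin workstation with the OpenSSL CLI, before uploading the file.

# Split the PEM stream on stdin into one file per certificate under directory $1.
split_pem() {
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }'
}

# Print one field of a certificate ($1 = file, $2 = subject|issuer|enddate).
cert_field() {
  openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[A-Za-z]*= *//'
}

# p12_audit FILE PASSFILE
# Output, one line per certificate: KIND <tab> subject <tab> issuer <tab> notAfter
# KIND is CA when the certificate text shows basicConstraints CA:TRUE, else LEAF.
p12_audit() (
  p12=$1 passfile=$2
  tmp=$(mktemp -d) || exit 1
  # -nokeys: never write the private key out. -passin file: keeps the password
  # out of the process list. OpenSSL 3.x may need -legacy for older RC2 files.
  if ! openssl pkcs12 -in "$p12" -nokeys -passin "file:$passfile" \
         > "$tmp/all.pem" 2>/dev/null; then
    echo "cannot read $p12: wrong password or not a PKCS#12 file" >&2
    rm -rf "$tmp"; exit 1
  fi
  split_pem "$tmp" < "$tmp/all.pem"
  for c in "$tmp"/cert*.pem; do
    [ -e "$c" ] || continue
    if openssl x509 -in "$c" -noout -text | grep -q 'CA:TRUE'; then
      kind=CA
    else
      kind=LEAF
    fi
    printf '%s\t%s\t%s\t%s\n' "$kind" "$(cert_field "$c" subject)" \
      "$(cert_field "$c" issuer)" "$(cert_field "$c" enddate)"
  done
  rm -rf "$tmp"
)

if [ "$#" -eq 2 ]; then p12_audit "$1" "$2"; fi
```

Each line marked CA is a certificate that will appear in the trusted CAs list after the upload; review the subject, issuer and expiry date of each one before you click Apply.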