Configuring the SMP Internal Certificate Authority

After you initialize the internal CA, configure the certificate settings.

To configure certificate settings:

  1. Go to System > Settings.

  2. Click Certificate Authority.

  3. For The root certificate expires every, enter the number of months after CA initialization that the CA root certificate expires.

  4. For Automatically renew (in Root Certificate), enter when the root certificate is automatically renewed.

  5. For The gateway certificate expires every, enter the number of months after which the gateway certificate expires.

  6. For Automatically renew (in Gateway Certificate), enter the number of months before expiration when the gateway certificate is automatically renewed.

  7. For Revocation answer is valid for, enter the number of hours the gateway stores the answer in the cache.

  8. Click Save.

  9. Click Reinitialize CA.

  10. To export the certificate to a file, click Export X.509.

When the root certificate is renewed, the CA is reinitialized. All the certificates for the gateways are automatically renewed.

When gateways authenticate to each other, each gateway performs an online revocation check with the Security Management Server to verify that the other gateway's certificate has not been revoked. To enhance VPN performance, the gateway then caches this answer. The revocation answer is purged from the cache after the specified period.
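
The following model of the revocation answer cache is an added example, not code from the product. It shows how the Revocation answer is valid for value trades online checks against the time a revoked gateway certificate is still accepted from cache. The class names, the serial value and the once-per-hour authentication schedule are assumptions, as is the premise that a gateway learns of a revocation only through this check.

```python
from dataclasses import dataclass, field

SERIAL = "constructed-serial-01"  # constructed sample value


@dataclass
class ManagementServer:
    """Hypothetical stand-in for the Security Management Server."""
    revoked: set = field(default_factory=set)
    queries: int = 0

    def is_revoked(self, serial: str) -> bool:
        self.queries += 1          # every call is one online revocation check
        return serial in self.revoked


@dataclass
class Gateway:
    server: ManagementServer
    valid_hours: int               # "Revocation answer is valid for"
    cache: dict = field(default_factory=dict)  # serial -> (revoked, hour fetched)

    def accepts_peer(self, serial: str, now: int) -> bool:
        entry = self.cache.get(serial)
        # Assumption: an answer is purged once it is valid_hours old.
        if entry is None or now - entry[1] >= self.valid_hours:
            entry = (self.server.is_revoked(serial), now)
            self.cache[serial] = entry
        return not entry[0]


def simulate(valid_hours: int, revoke_at: int, horizon: int = 48):
    """Peer authenticates once per hour; its certificate is revoked at revoke_at.

    Returns (hours the revoked certificate was still accepted, online checks made).
    """
    server = ManagementServer()
    gateway = Gateway(server, valid_hours)
    stale_hours = 0
    for now in range(horizon):
        if now >= revoke_at:
            server.revoked.add(SERIAL)
        if gateway.accepts_peer(SERIAL, now) and now >= revoke_at:
            stale_hours += 1
    return stale_hours, server.queries


if __name__ == "__main__":
    for hours in (1, 4, 24):
        print(hours, simulate(hours, revoke_at=1))
```

In this model, the worst-case acceptance of a revoked certificate approaches the configured validity period, so the value sets an upper bound on how long a revocation can go unnoticed by a peer gateway.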