Certificate Authorities
The Certificate Authorities page displays a list of all certificate authorities. You can filter the list by certificate authority name.
The device can generate a local certificate authority and can also import certificates signed by commercial providers such as VeriSign.
A certificate signed by a Certificate Authority (CA) identifies the owner of a public key. Each communicating party may be required to present its own certificate, signed by a CA, verifying ownership of the corresponding private key. Additionally, the communicating parties need a copy of the CA’s public key. If the private key is lost or stolen, or the information changes, the CA is responsible for revoking the certificate. The CA also maintains the list of valid and revoked certificates.
After your CA has issued a certificate, or if you have a local certificate, you can upload it for use in VPN.
If you are not using an external CA, you can use the default CA and modify and regenerate it as required. Using this CA, you can generate a self-signed certificate and use it in a VPN policy.
Using a third-party CA involves uploading:
CA and root certificate
Certificate
CRL (Certificate Revocation List)
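Before uploading a third-party CA, certificate and CRL, it helps to confirm on a workstation that the three files agree with each other. The script below is an added example, not part of the product documentation or the device's own tooling. It assumes the OpenSSL command line is installed and uses a constructed throwaway CA, peer certificate and CRL, with all file names and subjects invented for the demo.

```shell
# Added example; all names, subjects and files are constructed for the demo.

# Throwaway CA, a peer cert it signs, an unrelated cert, CRLs before/after revocation.
build_constructed_pki() (
  cd "$1" && : > index.txt || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = index.txt
default_md = sha256
default_crl_days = 1
EOF
  req="openssl req -config pki.cnf -newkey rsa:2048 -nodes"
  ca="openssl ca -config pki.cnf -cert ca.pem -keyfile ca.key"
  {
    $req -x509 -days 1 -extensions v3_ca -subj "/CN=Constructed Demo CA" -keyout ca.key -out ca.pem &&
    $req -x509 -days 1 -extensions v3_ca -subj "/CN=Unrelated CA" -keyout other.key -out other.pem &&
    $req -subj "/CN=constructed-peer" -keyout peer.key -out peer.csr &&
    openssl x509 -req -days 1 -in peer.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out peer.pem &&
    $ca -gencrl -out crl_before.pem &&
    $ca -revoke peer.pem &&
    $ca -gencrl -out crl_after.pem
  } >/dev/null 2>&1
)

# Pre-upload check; prints ok, revoked, or rejected (any other verification failure).
check_upload_set() {  # usage: check_upload_set CA CERT CRL
  out=$(openssl verify -CAfile "$1" -CRLfile "$3" -crl_check "$2" 2>&1) || true
  case $out in
    *"certificate revoked"*) echo revoked ;;
    *": OK") echo ok ;;
    *) echo rejected ;;
  esac
}

demo=$(mktemp -d)
build_constructed_pki "$demo"
for crl in crl_before.pem crl_after.pem; do
  echo "peer.pem + $crl: $(check_upload_set "$demo/ca.pem" "$demo/peer.pem" "$demo/$crl")"
done
```

With real files, call `check_upload_set` with the CA certificate, the peer certificate and the CRL you intend to upload; anything other than `ok` should be resolved before the upload.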
If the remote peer uses a certificate issued by one of the following third-party CAs, you are not required to upload the CA:
VeriSign
Entrust
Microsoft
* The default CA is regenerated automatically when it is updated.
The page provides options to:
Download CA
Add a new CA
Regenerate CA