Certificates

Create or import public key certificates in the X.509 standard format. Such certificates are digitally signed statements usually issued by a Certificate Authority (CA) binding together a public key with a particular Distinguished Name (DN) in X.500 notation.

You can choose among the following options:

You can download certificates either in PKCS#12 or PEM format. The PEM file only contains the certificate itself, while the PKCS#12 file also contains the private key as well as the CA certificate with which it was signed.

Note – Certificates have a validity period. 30 days before a certificate expires, a flag will be added in WebAdmin and you will receive an email notification.

Generate a Certificate

All certificates you generate contain an RSA key. They are signed by the self-signed certificate authority (CA) VPN Signing CA that was created automatically using the information you provided during the initial login to the WebAdmin interface.

To generate a certificate, proceed as follows:

  1. On the Certificates tab, click New Certificate.

    The Add Certificate dialog box opens.

  2. Specify the following settings:

    Name: Enter a descriptive name for this certificate.

    Method: To create a certificate, select Generate.

    Key size: The length of the RSA key. The longer the key, the more secure it is. You can choose among key sizes of 1024, 2048, or 4096 bits. Select the maximum key size compatible with the application programs and hardware devices you intend to use. Unless longer keys cause critical performance issues for your specific purposes, do not reduce the key size in order to optimize performance.

    VPN ID type: You have to define a unique identifier for the certificate. The following types of identifiers are available:

    • Email address
    • Hostname
    • IP address
    • Distinguished name

    VPN ID: Depending on the selected VPNID type, enter the appropriate value into this text box. For example, if you selected IP address from the VPN ID type list, enter an IP address into this text box. Note that this text box will be hidden when you select Distinguished Name from the VPN ID type list.

    Use the drop-down lists and text boxes from Country to Email to enter identifying information about the certificate holder. This information is used to build the Distinguished Name, that is, the name of the entity whose public key the certificate identifies. This name contains a lot of personal information in the X.500 standard and is supposed to be unique across the Internet. If the certificate is for a road warrior connection, enter the name of the user in the Common name box. If the certificate is for a host, enter a hostname.

    Comment (optional): Add a description or other information.

  3. Click Save.

    The certificate appears on the Certificates list.

Upload a Certificate

To upload a certificate, proceed as follows:

  1. On the Certificates tab, click New Certificate.

    The Add Certificate dialog box opens.

  2. Specify the following settings:

    Name: Enter a descriptive name for this certificate.

    Method: Select Upload.

    File type: Select the file type of the certificate. You can upload certificates being one of the following types:

    • PKCS#12 (Cert+CA): PKCS refers to a group of Public Key Cryptography Standards (PKCS) devised and published by RSA laboratories. The PKCS#12 file format is commonly used to store private keys with accompanying public key certificates protected with a container passphrase. You must know this container passphrase to upload files in this format.
    • PEM (Cert only): A Base64 encoded Privacy Enhanced Mail (PEM) file format with no password required.

    File: Click the Folder icon next to the File box and select the certificate you want to upload.

    Comment (optional): Add a description or other information.

  3. Click Save.

    The certificate appears on the Certificates list.