Local RSA Key

With RSAClosed authentication, RSA keys are used for authentication of the VPN endpoints. The public keys of the endpoints are exchanged manually before the connection is established. If you want to use this authentication type, you have to define a VPNClosed identifier and create a local RSA key. The public RSA key of the gateway must be made available to remote IPsecClosed devices that use IPsec RSA authentication with Sophos UTM.

Note – Sophos UTM uses RFC 3110 format for RSA keys. RSA authentication will not work with 3rd party endpoints that use a different RSA key format.

Current Local Public RSA Key

Displayed is the public portion of the currently installed local RSA key pair. Click into the box, then press CTRL-A and CTRL-C to copy it to the clipboard.

Local RSA Key VPN Options

Select the VPN ID type which best suits your needs. By default, the hostname of the gateway is taken as the VPN identifier. If you have a static IP address as local VPN endpoint, select IP address. Alternatively, use an email address as VPN ID for mobile IPsec road warriors.

Click Apply to save your settings. Changing the settings does not modify the RSA key.

Re-generate Local RSA Key

To generate a new RSA key, select the desired key size and click Apply. This will start the key generation process, which can take from a few minutes up to two hours, according to your selected key length and used hardware. The key size (key length) is a measure of the number of keys which are possible with a cipher. The length is usually specified in bits. The following key sizes are supported:

Once the RSA key has been generated, the appropriate public key will be displayed in the Current Local Public RSA Key box. Generating a new RSA key will overwrite the old one.