Certificate Management
The Certificate window manages certificates that will be used in application authentication such as VPN and websites. You can obtain a digital certificate from a wellknown certificate authority (CA) such as VeriSign, or generate and sign your own certificate using the provided functionality. You can also upload certificates issued by a certificate authority (CA) or generate a certificate signing request (CSR) to pass it to the CA for signing.
Adding Certificates
A certificate can be added to the organization so it can be can be used by an application that requires secure communication.
- Navigate to Settings > Certificate Management.
- In the Certificates and Keys table, click Add.
- Select the type of certificate to be generated or import a certificate.
- If you wish to issue certificate signing request, enter the required information:
|
Common Name |
Enter a name for the certificate. |
| Alternative Name | Enter an alternative name for the certificate. |
| Signed by | Select the certificate authority. |
- If you would like to generate a certificate by uploading a Certificate Signing Request file, enter the following:
| Signed by | Select the certificate authority. |
| Upload Certificate Signing Request (CSR) | Click Browse to upload a CSR file. |
- If you would like to import a certificate to the database, choose one of the following:
| Upload PEM-encoded Private key | Click Browse to upload a PEM-encoded private key (a PEM file). |
| Upload PEM-encoded Certificate | Click Browse to upload a PEM-encoded certificate (a PEM file). |
| Upload PEM-encoded Certificate Chain | Click Browse to upload a PEM-encoded certificate chain (a PEM file that contains one or more certificates). |
- If you would like to generate a private key using Diffie–Hellman key exchange (DH) or Transport Layer Security (TLS) encryption, enter the following:
| Key Name | Enter a name for the key. |
| Key Type | Select either DH or TLS encryption method. |
| Key Size | Select the key size in bits. |
- If you would like to import a private key with Diffie–Hellman key exchange (DH) or Transport Layer Security (TLS) encryption, enter the following:
| Key Name | Enter a name for the key. |
| Upload Your Private Key | Click Browse to upload your private key file. |
- Select Access level to specify the accessibility of the generated certificate or key in the organization.
- Click Save.
Adding Certificate Authorities
You can manage the certificate issuing authorities in the certificate database.
To add a certificate authority:
- Navigate to Settings > Certificate Management.
- In the Certificate Authorities table, click Add.
- Select the Access level for the accessibility of the CA in the organization
- Upload your RSA private key in unencrypted PEM format for the certificate authority (CA)*
- Upload your X.509 certificate in PEM format for the certificate authority (CA)*
- Click Save.
Searching for a Certificate
The Certificates and Keys list allows you to view a list of certificates (both from a CA and self-signed) currently loaded on the system. The following certificate data is displayed in the list:
| Name/Alternative Name | The Name/Alternative Name of the certificate. |
| Contents | Whether this is a private key or certificate or both. |
| Accessl Level | The accessibility level of this certificate. |
| Issuer Name | The CA name that issued this certificate. |
| Expiry | The date after which this certificate becomes invalid |
| Used by | The VPN configuration with IKE profiles that uses this certificate. |
| Status | Whether this is valid. |
| Renewal schedule | The planned renewal time for this certificate. |
| Actions | Click View, Update, Delete, or Download to perform the respective opertion on the certificate. |
To search for a certificate:
- Navigate to Settings > Certificate Management.
- Enter a keyword in the search field at the top right of the Certificate Table or Certificate Authorities Table to search for all fields.
All certificate or keys matching the value entered in the field will automatically appear.
Viewing the Certificate Information
- Navigate to Settings > Certificate Management.
- From the Certificate or Certificate Authorities list, select desired entry, then click View to view more information about the content of the certificate or key.
Updating the Certificate Information
- Navigate to Settings > Certificate Management.
- From the Certificate or Certificate Authorities list, select desired entry, then click Update to renew an expiring certificate or replace an invalid certificate or regenerate a private key.
Downloading Certificate or Key Files
- Navigate to Settings > Certificate Management.
- From the Certificate or Certificate Authorities list, select the desired entry, then click Download to download a certificate file or private key file in PEM format.
Managing Local User Certificates
Local User Certificates used for OpenVPN server settings can be revoked or resumed its validity. Go to the Client List in VPN > Open VPN in Device Configuration page of a gateway .
- Navigate to Settings > Certificate Management.
- From the Local User Certificates list, select the desired entry, then click Download to download a local user certificate file. To revoke a local user certificate, select the desired entry, then click Revoke to revoke the certificate. To resume the certificate's validity, click Resume.
After a local user certificate is added successfully, you can reference where the certificate is applied in OpenVPN profiles by clicking the Used by field in the table.