This article applies to our On-Premise Appliance Filter and Firewall product only, not to Cloud.
This article explains how to create a new VPN certificate in your Smoothwall On-Premise Appliance. Alternatively, you can import a certificate.
Create certificates
Before you begin
To create a VPN certificate in Smoothwall, you must already have a local Certificate Authority (CA) set up. The certificate will be created using your local Smoothwall Certificate Authority and can’t be created using an imported CA. If you don’t have a local CA set up, you’ll see an error: ‘You must create a CA before a certificate’.
Create a certificate
- Go to Network > VPN > Certificates.
- Go to the Create new signed certificates section.
- Select the ID type from the dropdown. This identifier must match at both ends of the tunnel and may be mandated by your VPN provider.
  Note
  Smoothwall doesn’t require a real DNS name or email address, but your VPN provider may.
  - No ID
  - Host & domain name: Used for site-to-site VPN connections.
  - IP address: Used for site-to-site VPNs with gateways that use static IP addresses.
  - Email address: Used for Road warrior or internal VPN connections.
- If you have selected an option other than No ID, enter the ID value.
- Enter a Common name to help identify the certificate, usually your Smoothwall’s Hostname.
- (Optional) Enter the Email address of the certificate owner.
- (Optional) Add additional information to help identify the certificate:
  - Organisation
  - Department
  - Locality or town
  - State or province
  - Country
  Note
  Smoothwall sets default text for the Organisation and Country fields during installation. You can’t change the defaults, but you can amend the fields. For Country, ensure you use a two-letter ISO-3166 country code.
- Use the Life time dropdown to select from:
  - A preset duration: 1 day, 1 week, 2 weeks, 1 month, 3 months, 6 months, 1 year, 2 years, 4 years or 8 years.
  - User defined: Enter a number of days between 1 and 365000.
- Select Create signed certificate.
  - Smoothwall creates a certificate name using the format: [Common name]’s [Organisation] certificate. For example, if the Common name is Bob, and the Organisation is Example School, the certificate will show as Bob’s Example School certificate in the Installed signed certificates table.
  - If Smoothwall displays an error saying ‘Unable to create certificate, possibly due to a duplicate Subject’, check the following:
    - Confirm that you used a valid two-letter ISO-3166 country code.
    - Ensure that the Subject (ID value) has not already been used for another certificate.
Edit a certificate
You can’t edit an existing VPN certificate. You can:
- Delete it and add a new certificate.
- Make a copy of the certificate:
  - Select the checkbox in the Mark column.
  - Select Clone certificate. This adds the cloned certificate to the Create new signed certificate section.
  - Edit the details, then select Create signed certificate.
Delete a certificate
- Go to Network > VPN > Certificates.
- Go to the Installed signed certificates section.
- Select the checkbox in the Mark column for the certificate to delete.
  Note
  If you select the certificate used for VPNs, you will see a ‘Cannot delete the currently selected global certificate’ message, and none of the certificates you selected are deleted. Go to Network > VPN > Global to change the Default local certificate or check which is being used.
- Select Delete.