Use this page to import, create and export certificates.
Procedure
On the NETWORK menu, under the VPN submenu, click Certificates.
- To import a certificate, under the Import certificates section, enter the Password that was specified when the certificate was created:
- To import a certificate in PKCS#12 format:
- From Import PKCS#12 filename, click Choose File.
- Locate the relevant certificate and click Open.
- Click Import certificate and key from PKCS#12.
- To import a certificate in PEM format:
- From Import PEM filename, click Choose File.
- Locate the relevant certificate and click Open.
- Click Import certificate from PEM.
- To import a certificate in PKCS#12 format:
- To create a new signed certificate:
- Under the Create new signed certificate section, select the certificate’s ID type and enter an ID value, for example, a host name or an email address.
- No ID - We don't recommend that you use this setting, but you can for interoperability with other VPN gateways.
- Host & Domain Name - Used for most site-to-site VPN connections. This doesn't need to be a registered DNS name.
- IP address - Used for site-to-site VPNs whose gateways use static IP addresses.
- Email address - Used for road warrior or internal VPN connections. This doesn't need to be a real email address. However, we recommend that you do.
- Enter a Common name for the certificate, for example, Head Office and an optional administrative Email address for the certificate owner.
- Enter an Organization and Department identifier for the certificate owner.
- Enter a Locality or town and a State or province for the certificate owner.
- Enter a two-letter Country code, for example, US or UK, for the certificate owner.
- From the Lifetime list, select the length of time that the certificate is valid for.
- If you select "User defined" from the Lifetime list, in User define (days) you need to enter the number of days the Certificate Authority is valid.
- Click Create signed certificate.
- Under the Create new signed certificate section, select the certificate’s ID type and enter an ID value, for example, a host name or an email address.
Follow-up tasks
-
- To review an installed signed certificate:
- Under the Installed signed certificates section, find the certificate that you want to view.
- Click the certificate name. The content appears in a new browser window.
- Close the browser window to return to the Smoothwall.
- To export an installed signed certificate:
- Under the Installed signed certificates section, select the certificate that you want to export.
- To export in the PKCS#12 format:
- Enter a Password and Again and then click Export certificate and key as PKCS#12.
- Choose to save the PKCS#12 container file (a .p12 file) to disk in the dialog box launched by your browser software.
- To export in any other format:
- From the Export format list, select the format that you want and click Export.
- Certificate in PEM: An ASCII (textual) certificate format commonly used by Microsoft operating systems. We recommend that you use this for all Smoothwall to Smoothwall VPN connections.
- Certificate in DER: A binary certificate format for use with non- Smoothwall VPN gateways.
- Private key in DER: Exports just the private key in binary for use with non- Smoothwall VPN gateways.
- Choose to save the certificate file (a .pem or .der file) to disk in the dialog box launched by your browser software.
- From the Export format list, select the format that you want and click Export.
- To export in the PKCS#12 format:
- Under the Installed signed certificates section, select the certificate that you want to export.
- To review an installed signed certificate:
Note: Distribute the certificate to its recipient host in a secure manner because it contains the private key that should only be known by the certificate owner.
- To delete a certificate, under the Installed signed certificates section, select the certificate that you want to delete and click Delete.
- Select Clone certificate to make a copy of the certificate and shows the details under the Create new signed certificate section. You need to make any amendments and then click Create signed certificate to keep the copy.