VPN certificate configuration overview

Configuring VPN certificates involves several main steps.

1. (Optional) If you want to use certificates that are signed by some external certificate authority (CA), define the CA in the Management Client.
2. (Optional) If you want to use an Internal ECDSA CA for Gateways to sign certificates, create an Internal ECDSA CA for Gateways.
3. (Optional) If you have both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways, select which CA is the default.
4. Start by creating a VPN certificate or certificate request for a VPN Gateway in the following cases:
   • To use an externally signed certificate.
   • To use a ECDSA certificate.
   • If automated RSA certificate management is disabled for gateways.
5. (For externally signed certificates) When the certificate is signed, import the certificate.
6. Select a certificate-based Authentication Method on the IKE SA tab of the VPN Profile.