Import an externally signed VPN gateway certificate

You can import a certificate signed by an external certificate issuer for a VPN Gateway element when the certificate request has been created in the SMC.

For security reasons, it is not possible to import externally generated private keys.
Note: Prior to software versions 6.10.8 all CAs that issues certificates for your VPNs must be configured in the SMC and be included as trusted both at the gateway and VPN Profile levels. In later versions only trust anchor certificates must be configured as trusted. Possible intermediate CAs must be included in the certificate bundle that are being imported as the VPN gateway certificate.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Secure SD-WAN.
  2. Open the Gateways branch and expand the tree under the VPN Gateway element.
  3. Right-click the certificate request and select Import Certificate.
  4. Select the certificate authority that signed the certificate.
  5. Browse to the certificate file on your local workstation or copy and paste the content of the certificate into the dialog box.
    If you copy and paste the certificate, include the“Begin Certificate Request” header and the “End Certificate Request” footer.
    Note: Starting with version 6.10.8: If VPN gateway certificate is signed by an intermediate CA, imported certificate must be a certificate bundle that contains all the VPN gateway certificate and all intermediate certificates. SMC verifies if the complete certificate chain is present when importing. Certificate bundle is concatenation of the certificates in PEM format.
    The signed certificate is imported and transferred to the engine automatically.

Import Certificate dialog box

Use this dialog box to import an externally signed certificate.

Option Definition
From File Allows you to import a certificate from a file on your computer. Click Browse to select the file.
As Text Allows you to paste the contents of the certificate as text in the text field.