Select which internal certificate authority signs each certificate
When there is more than one valid CA, you can select which CA signs each certificate.
The Management Server includes a dedicated Internal RSA CA for Gateways for signing VPN certificates. You can optionally also create an Internal ECDSA CA for Gateways. If you have both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways, only one certificate authority can be selected as the default certificate authority. If you want to sign a certificate with the certificate authority that is not the default CA, you must select which Internal CA for Gateways you want to use.
The Internal RSA CA for Gateways and the Internal ECDSA CA for Gateways are each valid for 10 years. A new Internal RSA CA for Gateways or Internal ECDSA CA for Gateways is automatically created to replace the default certificate authority six months before the expiration date. The certificate authority that is not selected as the default certificate authority is not automatically renewed; you must renew it manually.
If the default certificate authority is in the process of being renewed, there is temporarily an extra valid Internal CA for Gateways. In this case, select the new Internal CA for Gateways to sign the certificate.
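The selection and renewal rules above, modelled as an added example (not product code and not an SMC API). The inventory records, CA names and dates are constructed, the six-month window is approximated as 183 days, and applying that window to the non-default CA is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

RENEWAL_WINDOW = timedelta(days=183)  # "six months", approximated in days


@dataclass(frozen=True)
class InternalCA:
    name: str            # constructed label, not a product identifier
    algorithm: str       # "RSA" or "ECDSA"
    is_default: bool
    valid_from: datetime
    valid_to: datetime

    def valid_at(self, when: datetime) -> bool:
        return self.valid_from <= when <= self.valid_to


def pick_signing_ca(cas, algorithm, now):
    """During renewal two CAs of one algorithm are valid at once; the rule
    is to sign with the new one (latest valid_from). None if none is valid."""
    valid = [c for c in cas if c.algorithm == algorithm and c.valid_at(now)]
    return max(valid, key=lambda c: c.valid_from, default=None)


def needs_manual_renewal(cas, now):
    """Non-default CAs that are expired or expire within RENEWAL_WINDOW
    and have no CA of the same algorithm valid after they expire."""
    due = []
    for ca in cas:
        if ca.is_default or ca.valid_to - now > RENEWAL_WINDOW:
            continue
        day_after = ca.valid_to + timedelta(days=1)
        if pick_signing_ca(cas, ca.algorithm, day_after) is None:
            due.append(ca)
    return due


# Constructed inventory; which CA carries the default flag mid-renewal is assumed.
NOW = datetime(2025, 3, 1)
SAMPLE = [
    InternalCA("rsa-old", "RSA", False, datetime(2015, 6, 1), datetime(2025, 6, 1)),
    InternalCA("rsa-new", "RSA", True, datetime(2024, 12, 1), datetime(2034, 12, 1)),
    InternalCA("ecdsa", "ECDSA", False, datetime(2015, 8, 1), datetime(2025, 8, 1)),
]
```

With this inventory, RSA certificates are signed by the newer of the two valid RSA CAs, and the ECDSA CA is the one flagged for manual renewal.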
For more details about the product and how to configure features, click Help or press F1.
Steps
Properties dialog box (SD-WAN Certificate)
Use this dialog box to define the properties of a VPN Certificate.
| Option | Definition | 
|---|---|
| General tab | |
| Subject Name | The identifier of the certified entity. | 
| Public Key Algorithm | The algorithm used for the public key. | 
| Key Length | Shows the length of the key in bits. | 
| Signature Algorithm | Shows the signature algorithm that was used to sign the certificate. | 
| Signed By | Shows the CA that signed the certificate. | 
| SubjectAltName | The subject alternative name fields of the certificate. | 
| Valid From | Shows the start date of certificate validity. | 
| Valid To | Shows the end date of certificate validity. | 
| Fingerprint (SHA-1) | Shows the certificate fingerprint using the SHA-1 algorithm. | 
| Fingerprint (MD5) | Shows the certificate fingerprint using the MD5 algorithm. | 
| Fingerprint (SHA-512) | Shows the certificate fingerprint using the SHA-512 algorithm. | 
| Gateway | The VPN gateway used. |

| Option | Definition |
|---|---|
| Certificate tab | |
| Certificate text area | Shows the text of the certificate. The field is not editable. |