Importing Certificates

After your CA service has issued a Certificate for your Pending request, or has otherwise provided a Local Certificate, you can import it for use in VPN or Web Management authentication. CA Certificates may also be imported to verify local Certificates and peer Certificates used in IKE negotiation.

Topics:
Importing a Certificate Authority Certificate
Importing a Local Certificate
Creating PKCS-12 Formatted Certificate File

Importing a Certificate Authority Certificate

To import a certificate from a certificate authority:
1
Click Import. The Import Certificate dialog is displayed.

2
Select Import a CA certificate from a PKCS#7 (*.p7b) or DER (.der or .cer) encoded file. The Import Certificate dialog settings change.

3
Click Browse to locate the certificate file.
4
Click Open to set the directory path to the certificate.
5
Click Import to import the certificate into the firewall. When it is imported, you can view the certificate entry in the Certificates and Certificate Requests table.
6
Moving your pointer to the Comment icon in the Details column displays the certificate details information.

Importing a Local Certificate

To import a local certificate:
1
Click Import. The Import Certificate dialog displays.

2
Enter a certificate name in the Certificate Name field.
3
Enter the password used by your Certificate Authority to encrypt the PKCS#12 file in the Certificate Management Password field.
4
Click Browse to locate the certificate file.
5
Click Open to set the directory path to the certificate.
6
Click Import to import the certificate into the firewall. When it is imported, you can view the certificate entry in the Certificates and Certificate Requests table.
7
Moving your pointer to the Comment icon in the Details column displays the certificate details information.
* 
NOTE: If the certificate was uploaded successfully, the Status in the mouseover popup is Verified.

Creating PKCS-12 Formatted Certificate File

PKCS12 formatted certificate file can be created using Linux system with OpenSSL. To create a PKCS-12 formatted certificate file, one needs to have two main components of the certificate:

Private key (typically a file with .key extension or the word key in the filename)
Certificate with a public key (typically a file with .crt extension or the word cert as part of filename).

For example, the Apache HTTP server on Linux has its private key and certificate in the following locations:

/etc/httpd/conf/ssl.key/server.key
/etc/httpd/conf/ssl.crt/server.crt

With these two files available, run the following command:

openssl pkcs12 -export -out out.p12 -inkey server.key -in server.crt

In this example out.p12 become the PKCS-12 formatted certificate file and server.key and server.crt are the PEM formatted private key and the certificate file respectively.

After the above command, you are be prompted for the password to protect/encrypted the file. After the password is chosen, the creation of PKCS-12 formatted certificate file is complete, and it can be imported into the appliance.