D-Link DFL-2560 Product Manual - Page 130
CA Certificate Requests
UPC - 790069335433
View all D-Link DFL-2560 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 130 highlights
3.7.3. CA Certificate Requests Chapter 3. Fundamentals There are two types of certificates that can be uploaded: self-signed certificates and remote certificates belonging to a remote peer or CA server. Self-signed certificates can be generated by using one of a number of freely available utilities for doing this. Example 3.18. Uploading a Certificate The certificate may either be self-signed or belonging to a remote peer or CA server. Web Interface 1. Go to Objects > Authentication Objects > Add > Certificate 2. Specify a suitable name for the certificate 3. Now select one of the following: • Upload self-signed X.509 Certificate • Upload a remote certificate 4. Click OK and follow the instructions Example 3.19. Associating Certificates with IPsec Tunnels To associate an imported certificate with an IPsec tunnel. Web Interface 1. Go to Interfaces > IPsec 2. Display the properties of the IPsec tunnel 3. Select the Authentication tab 4. Select the X509 Certificate option 5. Select the correct Gateway and Root certificates 6. Click OK 3.7.3. CA Certificate Requests To request certificates from a CA server or CA company, the best method is to send a CA Certificate Request which is a file that contains a request for a certificate in a well known, predefined format. Manually Creating Windows CA Server Requests The NetDefendOS Web Interface (WebUI) does not currently include the ability to generate certificate requests that can be sent to a CA server for generation of the .cer and .key files required by NetDefendOS. It is possible, however, to manually create the required files for a Windows CA server using the following stages. • Create a gateway certificate on the Windows CA server and export it as a file in the .pfx format. • Convert the .pfx file into the .pem format. 130