Managing Internal Certificates
Quantum Spark 1500, 1600, and 1800 Appliances R81.10.X Locally Managed Administration Guide|263
Managing Internal Certificates
In the Certificates Internal Certificate page you can view details of an internal VPN certificate. You can also
view and reinitialize the certificate used by the internal CA that signed the certificate and can be used to sign
external certificates.
Note - This page is available from the Device and VPN tabs.
When you create an internal VPN certificate, when a certificate that is signed by the internal CA is used, the
CA's certificate must be reinitialized when the Internet connection's IP addresses change.
To avoid constant reinitialization, we recommend you use the DDNS feature. See Device > DDNS. When
DDNS is configured, you only need to reinitialize the certificate once. Changes in the DDNS feature
configuration by default automatically reinitialize certificates.
To reinitialize certificates:
1. Click Reinitialize Certificates.
The Reinitialize Certificates window opens.
2. Enter the Host/IP address.
Normally, the device suggests its own host name (when DDNS is configured) or its external IP
address. If you have multiple Internet connections configured, in load sharing mode, you can
manually enter an accessible IP address for this appliance. This is used by remote sites to access the
internal CA and check for certificate revocation.
3. Select the number of years for which the Internal VPN Certificate is valid. The default is 3. The
maximum value allowed is 20.
4. Click Apply
Note - The internal VPN certificate expiration date cannot be later than the CA expiration date.
To replace an internal CA certificate:
1. Click Replace Internal CA Certificate.
2. Click Browse to select the CA certificate file that includes the private key.
3. Enter the Certificate name and private key's password to allow the device to sign certificates with the
uploaded CA.
4. Enter the Host/IP address.
Normally, the device suggests its own host name (when DDNS is configured) or its external IP
address. If you have multiple Internet connections configured, in load sharing mode, you can
manually enter an accessible IP address for this appliance. This is used by remote sites to access the
internal CA and check for certificate revocation.
5. Click Apply
To export an internal CA certificate:
Click Export Internal CA Certificate to download the internal CA certificate.
To Next Page
Loading...
