Ca Certificate Requests; Associating Certificates With Ipsec Tunnels - D-Link DFL-260E User Manual

3.8.3. CA Certificate Requests

Web Interface
1. Go to: Objects > Authentication Objects > Add > Certificate
2. Specify a suitable name for the certificate
3. Now select one of the following:
• Upload self-signed X.509 Certificate
• Upload a remote certificate
4. Click OK and follow the instructions
Example 3.23. Associating Certificates with IPsec Tunnels
To associate an imported certificate with an IPsec tunnel.
Web Interface
1. Go to: Interfaces > IPsec
2. Display the properties of the IPsec tunnel
3. Select the Authentication tab
4. Select the X509 Certificate option
5. Select the correct Gateway and Root certificates
6. Click OK
3.8.3. CA Certificate Requests
To request certificates from a CA server or CA company, the best method is to send a CA
Certificate Request which is a file that contains a request for a certificate in a well known,
predefined format.
Manually Creating Windows CA Server Requests
The NetDefendOS Web Interface (WebUI) does not currently include the ability to generate
certificate requests that can be sent to a CA server for generation of the .cer and .key files required
by NetDefendOS.
It is possible, however, to manually create the required files for a Windows CA server using the
following stages.
• Create a gateway certificate on the Windows CA server and export it as a file in the .pfx format.
• Convert the .pfx file into the .pem format.
• Take out the relevant parts of the .pem file to form the required .cer and .key files.
The detailed steps for the above stages are as follows:
1. Create the gateway certificate on the Windows CA server and export it to a .pfx file on the
local NetDefendOS management workstation disk.
151
Chapter 3. Fundamentals