Uploading A Certificate With Web Interface - D-Link DFL-1660 User Manual

3.8.3. CA Certificate Requests
• Upload through the Web Interface.
The following command lines show how a typical SCP utility might upload a certificate consisting
of the two files called cert-1.cer and cert-1.key to a firewall which has the management IP address
192.168.3.1:
> scp C:\cert-1.cer admin@192.168.3.1:certificate/MyCert
> scp C:\cert-1.key admin@192.168.3.1:certificate/MyCert
The certificate object name in NetDefendOS is MyCert for the certificate and this is how it is
referenced by other objects in the configuration.
All certificate uploads should be followed by the configuration being activated since it has been
changed with new objects.
Example 3.23. Uploading a Certificate with Web Interface
The certificate may either be self-signed or belonging to a remote peer or CA server.
Web Interface
1. Go to: Objects > Authentication Objects > Add > Certificate
2. Specify a suitable name for the certificate
3. Now select one of the following:
• Upload self-signed X.509 Certificate
• Upload a remote certificate
4. Click OK and follow the instructions
Using Uploaded Certificates
Once certificates are uploaded, they are stored in non-volatile NetDefendOS memory. To be used
they must be explicitly associated with a NetDefendOS object. For example, an IPsec tunnel object
that uses certificates must be assigned a Gateway and Root certificate.
Example 3.24. Associating Certificates with IPsec Tunnels
To associate an imported certificate with an IPsec tunnel.
Web Interface
1. Go to: Interfaces > IPsec
2. Display the properties of the IPsec tunnel
3. Select the Authentication tab
4. Select the X509 Certificate option
5. Select the correct Gateway and Root certificates
6. Click OK
153
Chapter 3. Fundamentals