System - Certificates; Personal Certificates - MB Connect Line mbNET MDH810 Manual

System – Certificates
15.3
A key component of VPN connections with IPSec or OpenVPN is the trust relationships between two or more com-
munications peers. Authentication settings are made during configuration, as explained in the section
tion.
For secure communication, authenticity needs to be verified. Certificates help to ensure also that the right peers are
communicating with each other. A certificate is proof of the holder's identity. The certificate can be issued by a higher
authority (called a Certificate Authority, CA for short) or by the actual certificate holder. The certificate holder is called
the Subject, and whoever issues the certificate is called the Issuer.
Below is a screenshot of the relevant certificates tabs and the option to import a new certificate.
15.3.1

Personal Certificates

Personal certificates are used by the holder, but issued and signed by a higher-level authority (CA/root cer-
tificate). For the router to be able to show and use its personal certificate on a remote station, the relevant
PKCS12 file (certificate plus private key) first has to be selected and imported to the router.
Single or multiple PKCS files may be imported. Personal certificates also always have a key, which is why a
PKCS12 file must be imported.
This is actually made up of a .crt file and a .pem key file.
Please note that XCA bundles the key and the certificate to a single file with the extension ".p12".
This is what is meant by a PKCS12 file.
Authentica-
Page 99 of 226
Version: 3.3.5 – DR05 – 23.03.2017