McAfee SG310 Administration Manual page 297

VPN menu features
Certificate management
• CRL (Certificate Revocation Lists) Certificate is a list of certificates no longer trusted by a certificate
authority.
Adding a local certificate
Use this procedure to add a local certificate for IPSec VPN. The certificate must be in PEM or DER format.
From the VPN menu, click IPSec > Certificate Lists tab. The IPSec Certificates page appears
1
(Figure 307).
Figure 307 IPSec VPN Local Certificate
Select Local Certificate from the certificates list and click New. The Local Certificate page appears
2
(Figure 308).
Figure 308 IPSec VPN Local Certificate
Enter the Public Key certificate in the Local Certificate field. Click Browse to locate the file.
3
Enter the Local Private Key certificate in Private Key Certificate field.
4
Enter the passphrase to unlock the private key certificate in the Private Key Certificate Passphrase
5
field.
Click Finish. The certificate is displayed in the list of installed certificates
6
Figure 309 Installed IPSec VPN Certificate
The Details column shows the Distinguished Name of the certificate. This is needed for the Distinguished
Name field of the Remote Endpoint Settings of the other end of a certificate-based IPSec tunnel.
Adding a CA certificate
Use this procedure to add a CA certificate for use with IPSec VPN. If a Certificate Authority is being used for
authenticating IPSec connections, the Certificate Authority's public key certificate must be installed. The
certificate must be in PEM or DER format.
McAfee UTM Firewall 4.0.4 Administration Guide
(Figure 309).
297