| Field | Description |
|---|---|
| Import Certificate | Click to import an IPsec certificate that you have already saved. Click Browse, navigate to an IPsec certificate in PEM or DER format, and click Apply. |
| Retrieve Certificate through SCEP | Click to retrieve a certificate from the CA server that you configured on VPN > Certificates > SCEP. |
| Subject Name | Typically, you type the Threat Management Services (TMS) zl Module's FQDN. The remote tunnel endpoint uses this subject name to authenticate the module; therefore, the subject name must match a remote ID that is configured on the remote endpoint. Use the format /CN=<common name>. |
| Trusted Certificate to Verify Certificate | Select a CA root certificate that can verify the certificate. This CA root certificate must already be uploaded on VPN > Certificates > Certificate Authorities, and it must have been generated by the SCEP server that you specified on VPN > Certificates > SCEP. |
| Certificate Type | Select RSA-MD5 or RSA-SHA-1. This setting determines the algorithm for the private key. You should have selected RSA Signature for the Authentication Method in the IKE policy. |
| Encryption Algorithm | Select DES or 3DES. |
| Challenge Password | Type the password that your CA has given you. The challenge password is typically used to revoke a certificate. If your CA does not require a password, leave this box empty. |
| Identifier to Store Private Key | Specify a string of 1 to 31 alphanumeric characters. The string must be unique to this private key. |
| Key Size | Select 512, 1024, or 2048 to specify the length of the key in bits. Click Apply to retrieve the certificate. |
| Import Private Key | Click to import a private key that was generated elsewhere. First you must transfer the private key to your management workstation. Make sure that all copies of the private key are stored in secure locations; otherwise, the certificate could be compromised. |
| Private Key Identifier | Type a descriptive string of 1 to 31 alphanumeric characters. The string must be unique to this key. |
| Select Private Key | Type the path and filename for the private key, or click Browse, navigate to the private key, and then click Apply. |
| Generate Private Key | Click to generate a private key. |
| Private Key Identifier | Type a descriptive string of 1 to 31 alphanumeric characters. The string must be unique to this key. |
| Key Algorithm | Select RSA or DSA. In the IKEv1 policy, match this choice with DSA Signature or RSA Signature under Authentication Method (Step 2 of 3). |
| Key Size | Select 512, 1024, or 2048. This determines the length of the key in bits. |
| Generate Certificate Request | Click to generate an IPsec certificate request. |
| Certificate Name | Type a descriptive alphanumeric string. The name must be unique for this request. |
| Signature Algorithm | Select the algorithm that will be used to sign the certificate: MD5 with RSA, or SHA-1 with DSA. You must select the same algorithm that is used by the private key: select MD5 with RSA or SHA-1 with RSA for an RSA key, and SHA-1 with DSA for a DSA key. |
| Private Key Identifier | Select a private key from the list. |
| Subject Name | Type the subject name of the TMS zl Module. Use the format /CN=<common name>. |
| Subject Alternate Names | Optional: specify other IDs with which the module identifies itself. Type an IP address in one or both IP Address boxes (typically the module's public IP address, but you can specify any valid IP address); type an FQDN in one or both Domain Name boxes; type an email address in one or both Email ID boxes (the email address does not have to be valid). The subject name or one of the subject alternate names must match a remote ID that is configured on the remote tunnel endpoint, in both type and value. For example, if you have typed TMS.procurve.com for Subject Name, an IKE policy on the remote tunnel endpoint must allow a remote ID of type FQDN and value TMS.procurve.com. Likewise, if you type 10.10.10.10 for IP Address, an IKE policy on the remote tunnel endpoint must allow a remote ID of type IP Address and value 10.10.10.10. |
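The matching rule for Subject Name and Subject Alternate Names (the peer's remote ID must agree in both type and value) is easy to get wrong before the request is generated, for instance by entering the module's IP address where the peer expects an FQDN. The following Python script is an added example, not code from the TMS zl Module guide or from HP; it uses only the standard library to check a list of remote IDs against the identities a request would carry. The type labels FQDN, IP and EMAIL, the sample identities, and the normalization rules (FQDNs compared case-insensitively and without a trailing dot, IP addresses compared as addresses rather than strings, mail domains compared case-insensitively) are assumptions made for this example; the guide only states that type and value must match.

```python
"""Added example, not code from the TMS zl Module guide: check that each remote
ID a peer is configured with matches an identity the module's certificate
request carries, in both type and value, before the request is generated.

Standard library only. The identifier type labels (FQDN, IP, EMAIL), the sample
identities, and the normalization rules (case-insensitive FQDN and mail domain,
textual IP forms compared as addresses) are assumptions made for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Identity:
    id_type: str   # "FQDN", "IP" or "EMAIL"
    value: str


def parse_subject_name(subject: str) -> Optional[Identity]:
    """Extract the common name from the /CN=<common name> form the module uses
    for Subject Name; the guide's own example treats it as an FQDN identity."""
    for part in subject.strip().strip("/").split("/"):
        key, sep, val = part.partition("=")
        if sep and key.strip().upper() == "CN" and val.strip():
            return Identity("FQDN", val.strip())
    return None


def _normalize(identity: Identity) -> Optional[Tuple[str, str]]:
    """Canonical (type, value) pair, or None if the value is not valid for its type."""
    id_type = identity.id_type.upper()
    value = identity.value.strip()
    if id_type == "IP":
        try:
            return ("IP", str(ipaddress.ip_address(value)))
        except ValueError:
            return None
    if id_type == "FQDN":
        return ("FQDN", value.rstrip(".").lower()) if value else None
    if id_type == "EMAIL":
        local, at, domain = value.rpartition("@")
        if not at or not local or not domain:
            return None
        return ("EMAIL", local + "@" + domain.lower())
    return None


def remote_id_matches(remote_id: Identity, subject_name: str,
                      alt_names: List[Identity]) -> bool:
    """True if remote_id is present in the subject name or the subject
    alternate names with the same type and an equivalent value."""
    wanted = _normalize(remote_id)
    if wanted is None:
        return False
    candidates = list(alt_names)
    common_name = parse_subject_name(subject_name)
    if common_name is not None:
        candidates.append(common_name)
    return any(_normalize(c) == wanted for c in candidates)


def missing_remote_ids(remote_ids: List[Identity], subject_name: str,
                       alt_names: List[Identity]) -> List[Identity]:
    """Remote IDs that no certificate identity satisfies; each needs a matching
    Subject Name or Subject Alternate Name entry before the request is made."""
    return [r for r in remote_ids
            if not remote_id_matches(r, subject_name, alt_names)]


# Constructed sample built from the guide's example names.
SAMPLE_SUBJECT = "/CN=TMS.procurve.com"
SAMPLE_ALT_NAMES = [
    Identity("IP", "10.10.10.10"),
    Identity("FQDN", "TMS.procurve.com"),
    Identity("EMAIL", "ipsec@procurve.com"),
]

if __name__ == "__main__":
    peers = [
        Identity("FQDN", "tms.procurve.com"),   # matches: same type, case differs
        Identity("IP", "10.10.10.10"),          # matches
        Identity("FQDN", "10.10.10.10"),        # wrong type: the value is an IP
        Identity("IP", "10.10.10.11"),          # wrong value
    ]
    for peer in missing_remote_ids(peers, SAMPLE_SUBJECT, SAMPLE_ALT_NAMES):
        print("no certificate identity for remote ID", peer.id_type, peer.value)
```

Run it with the remote IDs copied from each peer's IKE policy; any identity it reports as missing has to be added as a Subject Alternate Name of the matching type (or become the Subject Name) before you click Generate Certificate Request, because the module's certificate cannot be changed afterwards without a new request.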