Import a Certificate for IKEv2 Gateway Authentication
Where Can I Use
This?
What Do I Need?
PAN-OS
No license required
Perform this task if you’re authenticating a peer for an IKEv2 gateway and you didn’t use a local
certificate already on the firewall; you want to import a certificate from
elsewhere.
This
task presumes that you selected
Network
IKE Gateways
, added a gateway,
and for
Local Certificate
, you clicked
Import
.
Import a certificate.
Select
Network
IKE Gateways
,
Add
a gateway,
and on the
General
tab, for
Authentication
,
select
Certificate
. For
Local
Certificate
, click
Import
.
In the Import Certificate window, enter a
Certificate
Name
for the certificate you’re importing.
Select
Shared
if this certificate
is to be shared among multiple virtual systems.
For
Certificate File
,
Browse
to the certificate file. Click on the
filename and click
Open
, which populates the
Certificate File
field.
For
File Format
, select one
of the following:
Base64 Encoded Certificate (PEM)
—Contains the certificate, but not the
key. It’s cleartext.
Encrypted Private Key and Certificate (PKCS12)
—Contains
both the certificate and the key.
Select
Import private key
if
the key is in a different file from the certificate file. The key
is optional, with the following exception: