Export a Certificate for a Peer to Access Using Hash and URL

IKEv2 supports Hash and URL Certificate Exchange as a method of having the peer at the remote end of the tunnel fetch the certificate from a server where you have exported the certificate. Perform this task to export your certificate to that server. You must have already created a certificate using
Device
Certificate Management
.
  1. Select
    Device
    Certificates
    , and if your platform supports multiple virtual systems, for
    Location
    , select the appropriate virtual system.
  2. On the
    Device Certificates
    tab, select the certificate to
    Export
    to the server.
    The status of the certificate should be valid, not expired. The firewall will not stop you from exporting an invalid certificate.
  3. For
    File Format
    , select
    Binary Encoded Certificate (DER)
    .
  4. Leave
    Export private key
    clear. Exporting the private key is unnecessary for Hash and URL.
  5. Click
    OK
    .

Related Documentation