Export a Certificate for a Peer to Access Using Hash and URL

IKEv2 supports Hash and URL Certificate Exchange as a method of having the peer at the remote end of the tunnel fetch the certificate from a server where you have exported the certificate. Perform this task to export your certificate to that server. You must have already created a certificate using DeviceCertificate Management.
  1. Select DeviceCertificates, and if your platform supports multiple virtual systems, for Location, select the appropriate virtual system.
  2. On the Device Certificates tab, select the certificate to Export to the server.
    The status of the certificate should be valid, not expired. The firewall will not stop you from exporting an invalid certificate.
  3. For File Format, select Binary Encoded Certificate (DER).
  4. Leave Export private key clear. Exporting the private key is unnecessary for Hash and URL.
  5. Click OK.

Related Documentation