Import a Certificate for IKEv2 Gateway Authentication

Perform this task if you are authenticating a peer for an IKEv2 gateway and you did not use a local certificate already on the firewall; you want to import a certificate from elsewhere.
This task presumes that you selected Network > IKE Gateways, added a gateway, and for Local Certificate, you clicked Import.
  1. Import a certificate.
    1. Select Network > IKE Gateways, Add a gateway, and on the General tab, for Authentication, select Certificate. For Local Certificate, click Import.
    2. In the Import Certificate window, enter a Certificate Name for the certificate you are importing.
    3. Select Shared if this certificate is to be shared among multiple virtual systems.
    4. For Certificate File, Browse to the certificate file. Click on the file name and click Open, which populates the Certificate File field.
    5. For File Format, select one of the following:
      • Base64 Encoded Certificate (PEM): Contains the certificate, but not the key. It is cleartext.
      • Encrypted Private Key and Certificate (PKCS12): Contains both the certificate and the key.
    6. Select Import private key if the key is in a different file from the certificate file. The key is optional, with the following exception:
      • You must import a key if you set the File Format to PEM. Enter a Key file by clicking Browse and navigating to the key file to import.
      • Enter a Passphrase and Confirm Passphrase.
    7. Click OK.
  2. Continue to the next task.
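
Before opening the Import Certificate window, it helps to confirm what the files actually contain, so that the File Format and Import private key choices in steps 5 and 6 match them. The following is an added example, not part of the original documentation or any vendor tooling: the function names and the sample byte strings are assumptions made for illustration, and it inspects only the file framing, not the validity of the certificate or key.

```python
import re

# PEM blocks are delimited by "-----BEGIN <LABEL>-----" lines (RFC 7468).
PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_labels(data):
    """Return the labels of all PEM blocks found in data."""
    return [m.decode("ascii") for m in PEM_LABEL.findall(data)]

def looks_like_pkcs12(data):
    """A PKCS#12 PFX is an ASN.1 SEQUENCE whose first element is INTEGER 3."""
    if len(data) < 5 or data[0] != 0x30:
        return False
    first = data[1]
    # Short form: 1 length byte. Long form: 0x80|n followed by n bytes.
    skip = 2 if first < 0x80 else 2 + (first & 0x7F)
    return data[skip:skip + 3] == b"\x02\x01\x03"

def plan_import(cert_file, key_file=None):
    """Map file contents to the File Format and Import private key choices."""
    problems = []
    labels = pem_labels(cert_file)
    if "CERTIFICATE" in labels:
        fmt = "Base64 Encoded Certificate (PEM)"
        if any(lbl.endswith("PRIVATE KEY") for lbl in labels):
            problems.append("certificate file also carries a private key")
        # The page requires a key file whenever File Format is PEM.
        if key_file is None:
            problems.append("PEM selected: a separate Key file is required")
        elif not any(lbl.endswith("PRIVATE KEY") for lbl in pem_labels(key_file)):
            problems.append("key file contains no PEM private key block")
    elif looks_like_pkcs12(cert_file):
        fmt = "Encrypted Private Key and Certificate (PKCS12)"
    else:
        fmt = None
        problems.append("neither a PEM certificate nor a PKCS12 container")
    return {"file_format": fmt, "import_private_key": key_file is not None,
            "problems": problems}

# Constructed inputs: only the framing is realistic, the bodies are dummies.
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\nZHVtbXk=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nZHVtbXk=\n"
              b"-----END ENCRYPTED PRIVATE KEY-----\n")
SAMPLE_P12 = bytes.fromhex("3082000a020103300430020500")

if __name__ == "__main__":
    print(plan_import(SAMPLE_CERT, SAMPLE_KEY), plan_import(SAMPLE_P12), sep="\n")
```

To check real files, pass their contents as bytes, for example the result of reading each file in binary mode.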
