Configuring VPN Certificates on a 1st Generation NetVanta 2000 Series
NOTE: The time on the NetVanta must be correct.
1. Go to the appropriate certificate server (VeriSign, Microsoft, etc.)
2. Select Retrieve a CA certificate
3. Click Next
4. Select Base 64 encoded
5. Click on Download CA certificate
6. Save it with a security certificate extension
7. Open Notepad or WordPad (select All Files for the file type)
8. Copy the complete certificate (Ctrl-C)
9. On the NetVanta, go to Policies, VPN and Certificates
10. Under CA Certificate, select UploadCertificate
11. Make sure RSA is selected under Signature Algorithm
12. Paste the copied certificate (Ctrl-V)
13. Click OK
14. Go to Policies, Certificates and under Self Certificate click on GenerateRequest
15. Under name and Subject, select any name
16. Use RSA for Signature Algorithm
17. Use 1024 for Key length
18. Use MD5 for Hash Algorithm
19. Click OK
20. Select the text using Ctrl-A and copy it using Ctrl-C
21. Click on Back to table page
22. Under the Private Key Without Public Key, the self certificate should be “waiting”
23. Go back to the Certificate Server and select HOME
24. Select Request a certificate and click Next
25. Select Advanced Request and click Next
26. Select Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file and click Next
27. Paste (Ctrl-V) the self certificate and click Submit
28. Select Base64 encoded and click on Download CA certificate
29. Save it and open it with notepad.
30. Select it all (Ctrl-A) and copy it (Ctrl-C)
31. On the NetVanta, under Self Certificate, select UploadCertificate
32. Make sure the name matches your certificate. Paste it (Ctrl-V)
33. Click OK
34. The certificate under Private Key Without Public Key should be gone
35. Select the self certificate path (e.g. /C=US/CN=name) and copy it (Ctrl-C)
1. Under IKE Policy Configuration select DER ASN1 DN for LocalIdType
2. For Local ID Data, paste (Ctrl-V) the self certificate name.
3. For Remote IdType, select DER ASN1 DN and for the Remote ID Data, enter the self-certificate path for the remote unit.
4. Save the configuration.