Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configuring VPN Certificates on a 1st Generation NetVanta 2000 Series

Configuring VPN Certificates on a 1st Generation NetVanta 2000 Series

Configuring VPN Certificates on a 1st Generation NetVanta 2000 Series

NOTE: Time needs to be correct on NetVanta.

1.      Go to appropriate Certificate server (VeriSign, Microsoft, etc)

2.      Select Retrieve a CA certificate

3.      Click Next

4.      Select Base 64 encoded

5.      Click on Download CA certificate

6.      Save it with security certificate extension

7.      Open Notepad or Wordpad (Select open all files for file of type)

8.      Copy the complete certificate (Crt-C)

9.      On the NetVanta, go to Policies, VPN and Certificates

10.  Under CA Certificate, select UploadCertificate

11.  Make sure RSA is selected under Signature Algorithm

12.  Paste the copied certificate (Crtl-V)

13.  Click OK

14.  Go to Polices, Certificates and under Self Certificate click on GenerateRequest

15.  Under name and Subject, select any name

16.  Use RSA for Signature Algorithm

17.  Use 1024 for Key length

18.  Use MD5 for Hash Algorithm

19.  Click OK

20.  Select the test using Crtl-A and Crtl-C

21.  Click on Back to table page

22.  Under the Private Key Without Public Key, the self certificate should be “waiting”

23.  Go back to the Certificate Server and select HOME

24.  Select Request a certificate and click Next

25.  Select Advanced Request and click Next

26.  Select Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file and click Next

27.  Paste (crtl-v) the self certificate and click Submit

28.  Select Base64 encoded and click on Download CA certificate

29.  Save it and open it with notepad.

30.  Select it all (crtl-a) and copy it (crtl-c)

31.  On the NetVanta, under Self Certificate, select UploadCertificate

32.  Make sure the name matches with your certificate. Paste it (crtl-v)

33.  Click OK

34.  The certificate under Private Key Without Public Key should be gone

35.  Select the self certificate path (i.e /C=US/CN=name) and copy it (crtl-c)

1.      Under IKE Policy Configuration select DER ANS1 DN for LocalIdType

2.      For Local ID Data, paste (crlt-v) the self certificate name.

3.      For Remote IdType, select DER ANS1 DN and on the Remote ID Data, enter the self-certificate path for the remote unit.

4.      Save the configuration.

Labels (1)
Version history
Last update:
‎02-24-2012 11:20 AM
Updated by: