Configure CA Certificates, Key File, and CA Chains
For supported software information, see Supported Software Information.
A certificate authority (CA) is a trusted entity that issues electronic documents. The CA certificate verifies a digital entity’s identity on the internet. The electronic documents, which are called digital certificates, are an essential part of secure communication.
A private key is required to access secured traffic using a certificate. To secure the traffic on a Versa Operating System™ (VOS™) device, you can use either a self-signed CA certificate or a trusted CA certificate.
A certificate chain is an ordered list of certificates, containing an SSL/TLS certificate and CA certificates, that allows the receiver to verify that the sender and all CAs are trustworthy.
This article describes how to upload a CA certificate, a private key file, and a CA chain first to the Director node and then to a VOS device.
Upload a CA Certificate
- In the Director view:
- Select the Configuration tab in the top menu bar.
- Select Devices > Devices in the horizontal menu bar.
- Select a device in the dashboard. The view changes to Appliance view.
- Select the Configuration tab in the top menu bar.
- Select Objects & Connectors > Objects > Custom Objects > CA Certificate in the left menu bar.
- In the Director tab, click the Upload File icon to upload a CA certificate file to the Director node.
- In the Upload CA Certificate to Director popup window, enter information for the following fields.

| Field | Description |
| --- | --- |
| File Name (Required) | Click Browse, and then select the CA certificate file to upload to the Director node. |
| CA Chain | For devices running Releases 22.1.1 and later, select the CA chain. |

- Click OK to upload the file to the Director node.
- Select the Appliance tab.
- Click the Upload File icon to upload a CA certificate file to the selected VOS device.
- In the Upload CA Certificate to Appliance popup window, enter information for the following fields.

| Field | Description |
| --- | --- |
| File Name (Required) | Select the CA certificate file to upload to the VOS device. |
| Appliance | Select the VOS device to upload the CA certificate file. |
| CA Chain | For devices running Releases 22.1.1 and later, select the CA chain for the devices. |

- Click OK to upload the file to the VOS device.
For information about creating a CA certificate, see Create a CA Certificate.
Upload a Private Key
For Releases 22.1.3 and later.
- In the Director view:
- Select the Configuration tab in the top menu bar.
- Select Devices > Devices in the horizontal menu bar.
- Select a Controller or VOS device in the dashboard. The view changes to Appliance view.
- Select the Configuration tab in the top menu bar.
- Select Objects & Connectors > Objects > Custom Objects > Keys in the left menu bar.
- In the Director tab, click the Upload File icon to upload the private key file to the Director node.
- In the Upload Key File to Director popup window, enter information for the following fields.

| Field | Description |
| --- | --- |
| Key Name (Required) | Enter a name for the key file. |
| Passphrase | Enter a passphrase. |
| Key Filename (Required) | Click the Browse button, and then select the key file to upload to the Director node. |

- Click OK to upload the file.
- Select the Appliance tab.
- Click the Upload File icon to upload a key file to the selected VOS device.
- In the Upload Key File to Appliance popup window, enter information for the following fields.

| Field | Description |
| --- | --- |
| Name (Required) | Select the key file to upload to the VOS device. |
| Appliance | Select the VOS device to upload the key file. |
| Passphrase | Enter a passphrase. |

- Click OK to upload the file to the VOS device.
For information about creating a private key, see Create a Private Key for a CA Certificate.
Upload a CA Chain
- In the Director view:
- Select the Configuration tab in the top menu bar.
- Select Devices > Devices in the horizontal menu bar.
- Select a Controller or VOS device in the dashboard. The view changes to Appliance view.
- Select the Configuration tab in the top menu bar.
- Select Objects & Connectors > Objects > Custom Objects > CA Chains in the left menu bar.
- Click the Upload icon to upload the CA chain file. The file must be in .crt, .cer, or .pem format.

| Field | Description |
| --- | --- |
| Chain Name (Required) | Enter a name for the CA chain. |
| Chain Filename (Required) | Click Browse to select the chain file to upload to the Director node. The chain file must be in .cer, .crt, or .pem format. |

- Click OK to upload the file.
- Select the Appliance tab.
- Click the Upload File icon, and then select the name of the CA chain file to upload to the VOS device.
- Click OK to upload the file to the VOS device.
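
Before uploading, the certificate, private key, and CA chain file can be checked locally so that a mismatched key or an incomplete chain is caught on the workstation rather than at IKE negotiation. The following is an added example, not part of the Versa documentation; it assumes an `openssl` binary is installed, and all file names and the sample PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run on a workstation before uploading the files.
# File names are hypothetical; the sample PKI is constructed locally.

# Succeeds only if KEY and CERT hold the same public key.
# (An encrypted key additionally needs openssl's -passin option.)
key_matches_cert() {  # usage: key_matches_cert KEY CERT
  kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Prints how many PEM certificates the chain file contains.
chain_cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Succeeds only if CERT verifies using the CA certificates in CHAIN.
chain_verifies() {  # usage: chain_verifies CHAIN CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if CERT is still valid DAYS days from now.
valid_for_days() {  # usage: valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Builds a constructed root CA, intermediate CA and leaf in directory DIR.
make_sample() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root inter leaf other; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -out "$d/$n.csr" -subj "/CN=Constructed $n" >/dev/null 2>&1 || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/root.crt" >/dev/null 2>&1 &&
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/inter.crt" \
    >/dev/null 2>&1 &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
    -CAcreateserial -days 30 -out "$d/leaf.crt" >/dev/null 2>&1 &&
  cat "$d/inter.crt" "$d/root.crt" > "$d/chain.pem"
}

work=$(mktemp -d) && make_sample "$work" || exit 1
key_matches_cert "$work/leaf.key" "$work/leaf.crt" && echo "key matches certificate"
chain_verifies "$work/chain.pem" "$work/leaf.crt" && echo "certificate verifies against chain"
chain_verifies "$work/root.crt" "$work/leaf.crt" || echo "chain without intermediate: rejected"
valid_for_days "$work/leaf.crt" 60 || echo "certificate expires within 60 days"
```

For real files, call the same functions with the paths of the certificate, key, and chain you intend to upload, and delete any scratch copies of the private key afterwards.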
Apply CA Certificates, Private Key, and CA Chains
After you configure a CA certificate, private key, and CA chain, you associate them with a VPN profile so that the certificate and chain can be used:
- In Director view:
- Select the Configuration tab in the top menu bar.
- Select Devices > Devices in the horizontal menu bar.
- Select a device in the main pane. The view changes to Appliance view.
- Select the Configuration tab in the top menu bar.
- Select Services > IPsec > VPN Profiles in the left menu bar.
- Click the + Add icon to create a VPN profile. The Add IPsec VPN window displays.
- In the Add IPsec VPN popup window, select the IKE tab, and then enter information for the following fields.

| Field | Description |
| --- | --- |
| Local Authentication (Group of Fields) | |
| - Authentication Type (Required) | Select Certificate. |
| - Certificate Domain | Select Tenant. |
| - Certificate Name (Required) | Select the name of the certificate that you uploaded to the Director and VOS devices. |
| - CA Chain (Required) | Select the CA chain that you uploaded to the Director and VOS devices. |
| Peer Authentication (Group of Fields) | |
| - Authentication Type (Required) | Select Certificate. |
| - CA Chain (Required) | Select the CA chain that you uploaded to the Director and VOS devices. |

- For information about configuring other parameters, see Configure IPsec VPN Profiles.
- Click OK.
Supported Software Information
Releases 20.2 and later support all content described in this article, except:
- Release 22.1.3 adds support for uploading a private key file to Director and VOS devices.