About VPN certificates

Note: To configure VPNs, you need a Unified Threat Management license.

Once a local Certificate Authority (CA) has been created, you can generate certificates.

The first certificate created is usually for the Smoothwall that the Certificate Authority is installed on. This is because the Smoothwall VPN gateway is a separate entity to the Certificate Authority, and therefore it needs its own certificate.

It is normal for a single Certificate Authority to create certificates for all other hosts that are used as VPN gateways, that is, all other Smoothwalls.

You can create signed certificates.

You can review the content of a certificate. This is useful for checking what a certificate contains and whether it is still valid.

Any certificates you create for the purpose of identifying other network hosts must be exported so that they can be distributed to their owner.

You can export the certificates in the PKCS#12 format. This is a container format used to transport a certificate and its private key. It is recommended for use in all Smoothwall to Smoothwall VPNs and L2TP road warriors.
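
As an added example (not Smoothwall tooling and not part of the original page), these shell functions use the OpenSSL command line to review an exported PKCS#12 file before it is distributed: they confirm that it contains a certificate with its matching private key, that the certificate verifies against the local CA, and that it is still valid. The function names, file names, subject names and password are assumptions, and the sample CA and host certificate are constructed for the example.

```shell
#!/bin/sh
# p12_check BUNDLE PASSWORD CA_PEM [MIN_DAYS]
# Prints one verdict line; returns 0 only if the bundle passes every check.
p12_check() {
    p12=$1; pass=$2; ca=$3; days=${4:-0}
    tmp=$(mktemp -d) || return 2      # mode 0700, holds the extracted key briefly
    verdict=ok
    # Split the container into its host certificate and its private key.
    if ! openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys \
            -out "$tmp/cert.pem" 2>/dev/null; then
        verdict="cannot open bundle (wrong password or not PKCS#12)"
    else
        openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
            -out "$tmp/key.pem" 2>/dev/null || :
        cert_pub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null) || :
        key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null) || :
        if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            verdict="private key missing or does not match the certificate"
        elif ! openssl verify -CAfile "$ca" "$tmp/cert.pem" >/dev/null 2>&1; then
            verdict="certificate does not verify against the given CA"
        elif ! openssl x509 -in "$tmp/cert.pem" -noout \
                -checkend "$((days * 86400))" >/dev/null 2>&1; then
            verdict="certificate expires within $days days"
        fi
    fi
    rm -rf "$tmp"                     # never leave the unencrypted key on disk
    echo "$verdict"
    [ "$verdict" = ok ]
}

# Constructed sample data: a throwaway CA and a 30-day host certificate,
# exported as DIR/host.p12 with the made-up password "example-pass".
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Local CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=branch-gw.example" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/host.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$d/host.pem" -inkey "$d/host.key" \
        -passout pass:example-pass -out "$d/host.p12"
}

# Run the check when bundle, password and CA file are given as arguments.
if [ "$#" -ge 3 ]; then p12_check "$@"; fi
```

On a shared host, prefer an `env:` or `file:` password source for `-passin` over `pass:`, which exposes the password in the process list.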

You can import a certificate. For Smoothwall Filter and Firewalls that don't have their own Certificate Authority, you need to import and install a host certificate to identify them. This is the normal process for secondary Smoothwalls, for example, branch office systems connecting to a head office that has a Smoothwall and Certificate Authority.