About VPN certificate authorities

Note: To configure VPNs, you need a Unified Threat Management license.

A Certificate Authority (CA) is an implicitly trusted system that is responsible for issuing and managing digital certificates. A certificate created by a known authority can be authenticated as genuine.

To create your own certificates for use in VPN tunnel authentication, you need access to at least one Certificate Authority. You can purchase certificates from an externally managed Certificate Authority, but this can be inconvenient and costly.

Once a Certificate Authority has been created, you can use it to create digital certificates for network hosts. You can also export the Certificate Authority’s own certificate to other systems, which can use it to authenticate digital certificates issued by the Certificate Authority.

If you already have a Certificate Authority on your network, it might be useful to use that one. You can only create one Certificate Authority for VPN use. To create another, you must first delete the previously created Certificate Authority.

Once a Certificate Authority has been created, you need to export its certificate so that other systems can recognize and authenticate any signed certificates it creates. There are two different export formats. The certificate contains only public information, so it can be used on other systems without any additional security.

You can import another Certificate Authority's certificate. To authenticate a signed certificate produced by a non-local Certificate Authority, you must import the non-local Certificate Authority’s certificate into the Smoothwall. Typically, you do this on secondary Smoothwalls so that they can authenticate certificates created by a master Smoothwall’s Certificate Authority. The certificate must be in PEM format to be imported.
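
As an added example (not Smoothwall code), the following Python script checks a CA certificate file before import: it rejects a file that also carries a private key, converts a binary DER file to the PEM format the import requires, and returns a SHA-256 fingerprint to compare with the original file on the issuing system. The function names, the sample bytes and the assumption that a non-PEM file is DER-encoded are illustrative and not taken from the product.

```python
import base64
import hashlib
import re
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def _der_framing_ok(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose length field spans the whole input."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def prepare_ca_for_import(data: bytes):
    """Return (pem_text, sha256_fingerprint) for a CA certificate file."""
    text = data.decode("ascii", errors="ignore")
    if re.search(r"-----BEGIN [A-Z ]*PRIVATE KEY-----", text):
        raise ValueError("file contains a private key; export the certificate only")
    blocks = PEM_CERT.findall(text)
    if len(blocks) > 1:
        raise ValueError("expected one CA certificate, found %d" % len(blocks))
    if blocks:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    else:
        der = data                        # assumption: non-PEM input is binary DER
    if not _der_framing_ok(der):
        raise ValueError("not a PEM or DER encoded certificate")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return ssl.DER_cert_to_PEM_cert(der), fingerprint

# Constructed stand-in: valid outer DER framing only, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))

if __name__ == "__main__":
    pem, fp = prepare_ca_for_import(SAMPLE_DER)
    print(pem)
    print("SHA-256 fingerprint:", fp)
```

The check covers only the encoding and outer framing of the file; it does not parse the X.509 fields or confirm that the certificate belongs to a Certificate Authority.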

You can delete the local Certificate Authority and its certificate, but deleting the local Certificate Authority will invalidate all certificates that it has created. Once the local Certificate Authority has been deleted, the Create local Certificate Authority panel replaces the Delete local Certificate Authority panel. This change in layout occurs because a Certificate Authority no longer exists on the Smoothwall.