Creating A CSR for the VPN 3000 Series Concentrator
Creating an Enrollment Request for an SSL Certificate for VPN 3000 Series Concentrators
An Enrollment request for an SSL certificate consists of a base 64 encoded PKCS#10 file that the VPN Concentrator generates based on information you provide in the steps that follow.
Note: You must get the SSL certificate for a LAN-to-LAN connection from the same CA that issued its CA certificate.
Step 1. In the Administration | Certificate Management screen. Click Click here to Enroll with a Certificate Authority. The Administration | Certificate Management | Enroll screen displays.
Step 2. Click Identity certificate. The Administration | Certificate Management | Enroll | SSL certificate screen displays.
Step 3. Click Enroll via PKCS10 Request (Manual). The Administration | Certificate Management | Enroll | SSL certificate | PKCS10 Screen displays.
Step 4. Enter values in each of the fields on this screen. (above)
Step 5. When you have finished, click Enroll. The Administration | Certificate Management | Enroll | Request Generated screen displays
The Manager displays this screen when the system has successfully generated a certificate request.
Note You must complete the Enrollment and certificate installation process within one week of generating the request. If you do not, the pending request is deleted .As the screen text indicates, within a few seconds, a browser window opens with the certificate request.
You have generated a base 64 encoded PKCS#10 file (Public Key Certificate Syntax-10), which most CAs recognize or require. The system automatically saves this file in Flash memory with the filename shown in the browser (pkcsNNNN.txt).
In generating the request, the system also generates the private key used in the PKI process. That key remains on the VPN Concentrator in encrypted form.
Step 6. Save the request in to disk to be pasted into the CSR Request field for when you order the certificate online.
Step 7. Close this browser window when you have finished.
Requesting an SSL certificate from a CA for VPN 3000 Series Concentrator
Next you submit the SSL request. This must be the same CA that issued the CA certificate for this LAN-to-LAN connection. Submit the request and retrieve an SSL certificate according to the procedures of your CA.