There are two types of certificates that can be uploaded: self-signed certificates and remote certificates belonging to a remote peer or CA server. Self-signed certificates can be generated using one of a number of freely available utilities.

Example 3.18. Uploading a Certificate

The certificate may either be self-signed or belong to a remote peer or CA server.

Web Interface

1. Go to Objects > Authentication Objects > Add > Certificate
2. Specify a suitable name for the certificate
3. Now select one of the following:
   • Upload self-signed X.509 Certificate
   • Upload a remote certificate
4. Click OK and follow the instructions

Example 3.19. Associating Certificates with IPsec Tunnels

To associate an imported certificate with an IPsec tunnel:

Web Interface

1. Go to Interfaces > IPsec
2. Display the properties of the IPsec tunnel
3. Select the Authentication tab
4. Select the X509 Certificate option
5. Select the correct Gateway and Root certificates
6. Click OK

3.7.3. CA Certificate Requests

To request certificates from a CA server or CA company, the best method is to send a CA Certificate Request, which is a file that contains a request for a certificate in a well-known, predefined format.

Manually Creating Windows CA Server Requests

The NetDefendOS Web Interface (WebUI) does not currently include the ability to generate certificate requests that can be sent to a CA server for generation of the .cer and .key files required by NetDefendOS.

It is possible, however, to manually create the required files for a Windows CA server using the following stages.

• Create a gateway certificate on the Windows CA server and export it as a file in the .pfx format.
• Convert the .pfx file into the .pem format.
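The conversion stage above can be done with the OpenSSL command-line tool. The script below is an added example, not part of the original manual: it assumes OpenSSL is installed and that the .cer and .key files are the PEM-encoded certificate and private key taken from the .pem file, and the file names, password and function names are hypothetical.

```shell
#!/bin/sh
# Added example: assumes the OpenSSL CLI is installed. File names, the
# password and the function names are hypothetical.
umask 077   # the converted files hold an unencrypted private key

# Constructed sample input: a throwaway self-signed certificate packed as
# .pfx, standing in for the file exported from the Windows CA server.
make_sample_pfx() {  # $1 = output .pfx, $2 = export password
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=gateway.example" \
        -keyout "$tmp/k.pem" -out "$tmp/c.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$tmp/k.pem" -in "$tmp/c.pem" \
        -out "$1" -passout "pass:$2"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Convert .pfx to .pem (certificate and unencrypted key in one file).
# "pass:" shows the password in the process list; drop -passin to be prompted.
pfx_to_pem() {  # $1 = .pfx, $2 = password, $3 = output .pem
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes -out "$3"
}

# Split the .pem into separate certificate (.cer) and key (.key) files.
split_pem() {  # $1 = .pem, $2 = output .cer, $3 = output .key
    openssl x509 -in "$1" -out "$2" &&
    openssl pkey -in "$1" -out "$3"
}

# Check that the key belongs to the certificate by comparing public keys.
key_matches_cert() {  # $1 = .cer, $2 = .key
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256) || return 1
    b=$(openssl pkey -in "$2" -pubout | openssl sha256) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Full conversion: <name>.pfx -> <name>.pem, <name>.cer, <name>.key, verified.
convert_gateway_pfx() {  # $1 = .pfx, $2 = password, $3 = output basename
    pfx_to_pem "$1" "$2" "$3.pem" && split_pem "$3.pem" "$3.cer" "$3.key" &&
    key_matches_cert "$3.cer" "$3.key"
}
```

Delete the intermediate .pem and the .key file from the workstation once the upload is complete, since both contain the gateway's private key in clear text.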