77
edits
Changes
no edit summary
This configuration guide will generate our own CA cert that will be used to self-sign our own keys and local certs for both devices.
This configuration guide will generate our own CA cert that will be used to self-sign our own keys and local certs for both devices.
===Generating CA Cert===
===Generating Certs===
----
====Generating CA Cert====
----
----
After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*.
After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*.
===Generating Rut1 Client Cert===
[Screenshot Here]
====Generating Rut1 Client Cert====
----
----
- Signed Certificate Name: RUT1
- Signed Certificate Name: RUT1
- Type of Certificate to Sign: Client Certificate
- Certificate Request File: RUT1.req.pem
- Days Valid: 3650
- Certificate Authority File: CAIPSec.cert.pem
- Certificate Authority Key: CAIPSec.key.pem
- Leave the rest of the configuration alone
- `Sign`
After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.cert.pem under *Certificates*.
[Screenshot Here]
====Generating Rut2 Client Cert====
----
We will still generate RUT2 certs on the RUT1 device, so that we can sign our certs with the CA created earlier.
Later we will download the certs required for RUT2 and import them there.
* Login to the router's WebUI and go to '''System → Administration → Certificates'''.
The following are the settings used for this example, but values should be changed depending on your specific needs:
- File Type: Client
- Key Size: 1024
- Name (CN): RUT2 // This can be whatever name you choose.
- Subject Information: Toggled On // It is recommended to fill out at least Country Code, State/Province and Organization Name.
- Country Code (CC): US // Fill your country code
- State or Province Name (ST): TX // Fill your State/Province name
- Locality Name (L): RUT2 // Fill your locality name, or at least a recognizable name for your CA
- Organization Name (O): RUT2 // Fill your Organization name
- Organizational Unit Name (OU): RUT2 // Fill your specific Unit Name
- `Generate` Certificate
[Screenshot Here]
After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT2.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*.
Next we need to sign the RUT2 cert.
Under the `Certificate signing` configure as follows:
- Signed Certificate Name: RUT2
- Type of Certificate to Sign: Client Certificate
- Certificate Request File: RUT2.req.pem
- Days Valid: 3650
- Certificate Authority File: CAIPSec.cert.pem
- Certificate Authority Key: CAIPSec.key.pem
- Leave the rest of the configuration alone
- `Sign`
After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT2.cert.pem under *Certificates*.
[Screenshot Here]
====Download/Import Certs====
----
Starting with RUT1
* Login to the router's WebUI and go to '''System → Administration → Certificates -> Certificates Manager'''
* Download CAIPSec.cert.pem, RUT2.cert.pem & RUT2.key.pem
Next moving to RUT2
* Login to the router's WebUI and go to '''System → Administration → Certificates -> Certificates Manager'''
* Import Certificate File *Browse* and import CAIPSec.cert.pem, RUT2.cert.pem & RUT2.key.pem
===IPSec RUT1 Config===
----
===Generating Rut2 Client Cert===
===IPSec RUT2 Config===
----
----
