Line 29: |
Line 29: |
| This configuration guide will generate our own CA cert that will be used to self-sign our own keys and local certs for both devices. | | This configuration guide will generate our own CA cert that will be used to self-sign our own keys and local certs for both devices. |
| | | |
− | ===Generating CA Cert=== | + | ===Generating Certs=== |
| + | ---- |
| + | |
| + | |
| + | ====Generating CA Cert==== |
| ---- | | ---- |
| | | |
Line 68: |
Line 72: |
| After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*. | | After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*. |
| | | |
− | ===Generating Rut1 Client Cert=== | + | [Screenshot Here] |
| + | |
| + | ====Generating Rut1 Client Cert==== |
| ---- | | ---- |
| | | |
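Review bot: The added "[Screenshot Here]" line after the CA signing paragraph is a placeholder that will render as literal text on the published page. Attach the actual image using the wiki's file syntax, or leave the line out until the screenshot exists. The same applies to the other "[Screenshot Here]" lines added further down.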
Line 94: |
Line 100: |
| | | |
| - Signed Certificate Name: RUT1 | | - Signed Certificate Name: RUT1 |
| + | - Type of Certificate to Sign: Client Certificate |
| + | - Certificate Request File: RUT1.req.pem |
| + | - Days Valid: 3650 |
| + | - Certificate Authority File: CAIPSec.cert.pem |
| + | - Certificate Authority Key: CAIPSec.key.pem |
| + | - Leave the rest of the configuration alone |
| + | - `Sign` |
| + | |
| + | After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.cert.pem under *Certificates*. |
| + | |
| + | [Screenshot Here] |
| + | |
| + | ====Generating Rut2 Client Cert==== |
| + | ---- |
| + | |
| + | We will still generate RUT2 certs on the RUT1 device, so that we can sign our certs with the CA created earlier. |
| + | Later we will download the certs required for RUT2 and import them there. |
| + | |
| + | * Login to the router's WebUI and go to '''System → Administration → Certificates'''. |
| + | The following are the settings used for this example, but values should be changed depending on your specific needs: |
| + | |
| + | - File Type: Client |
| + | - Key Size: 1024 |
| + | - Name (CN): RUT2 // This can be whatever name you choose. |
| + | - Subject Information: Toggled On // It is recommended to fill out at least Country Code, State/Province and Organization Name. |
| + | - Country Code (CC): US // Fill your country code |
| + | - State or Province Name (ST): TX // Fill your State/Province name |
| + | - Locality Name (L): RUT2 // Fill your locality name, or at least a recognizable name for your CA |
| + | - Organization Name (O): RUT2 // Fill your Organization name |
| + | - Organizational Unit Name (OU): RUT2 // Fill your specific Unit Name |
| + | - `Generate` Certificate |
| + | |
| + | [Screenshot Here] |
| + | |
| + | After you hit Generate the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT2.key.pem under *Keys* and a RUT1.req.pem under *Certificate requests*. |
| + | |
| + | |
| + | Next we need to sign the RUT2 cert. |
| + | Under the `Certificate signing` configure as follows: |
| + | |
| + | - Signed Certificate Name: RUT2 |
| + | - Type of Certificate to Sign: Client Certificate |
| + | - Certificate Request File: RUT2.req.pem |
| + | - Days Valid: 3650 |
| + | - Certificate Authority File: CAIPSec.cert.pem |
| + | - Certificate Authority Key: CAIPSec.key.pem |
| + | - Leave the rest of the configuration alone |
| + | - `Sign` |
| + | |
| + | After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT2.cert.pem under *Certificates*. |
| + | |
| + | [Screenshot Here] |
| + | |
| + | ====Download/Import Certs==== |
| + | ---- |
| + | |
| + | Starting with RUT1 |
| + | |
| + | * Login to the router's WebUI and go to '''System → Administration → Certificates -> Certificates Manager''' |
| + | * Download CAIPSec.cert.pem, RUT2.cert.pem & RUT2.key.pem |
| + | |
| + | Next moving to RUT2 |
| + | |
| + | * Login to the router's WebUI and go to '''System → Administration → Certificates -> Certificates Manager''' |
| + | * Import Certificate File *Browse* and import CAIPSec.cert.pem, RUT2.cert.pem & RUT2.key.pem |
| + | |
| + | ===IPSec RUT1 Config=== |
| + | ---- |
| | | |
− | ===Generating Rut2 Client Cert=== | + | ===IPSec RUT2 Config=== |
| ---- | | ---- |
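Review bot: In the added RUT2 section, "Key Size: 1024" combined with "Days Valid: 3650" produces a ten-year certificate on a key size long considered too small for new RSA keys (assuming these are RSA keys). Suggest 2048 or larger if the device offers it, and check that the CA and RUT1 steps use the same value. Further points in this hunk:
* The confirmation paragraph after Generate says "a RUT1.req.pem under *Certificate requests*", but the signing step below it uses "Certificate Request File: RUT2.req.pem", so that paragraph should read RUT2.req.pem.
* The Locality comment "or at least a recognizable name for your CA" looks carried over from the CA section and does not fit a client cert.
* Download/Import Certs moves RUT2.key.pem from RUT1 to RUT2 through the browser. A sentence on handling that private key file would help: transfer it over a trusted channel and delete the downloaded copy once it is imported.
* "===IPSec RUT1 Config===" and "===IPSec RUT2 Config===" are added as headings with no body.
* The menu paths mix "→" and "->" in the Certificates Manager lines.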