Changes

IPSec Tunnel w/CA Certs Configuration (view source)

Revision as of 00:06, 6 July 2024

60 bytes added ,  00:06
no edit summary
Line 73: Line 73:  
[[File:IPSec CA Cert Generating Manager Check.png|none|none]]
 
[[File:IPSec CA Cert Generating Manager Check.png|none|none]]
   −
<br>
  −
Next we need to sign the CAIPSec CA. We will be Self-Signing our own CA.
  −
Under the '''Certificate signing''' configure as follows:
  −
  −
- Signed Certificate Name: '''''CAIPSec'''''
  −
  −
- Type of Certificate to Sign: '''''Certificate Authority'''''
  −
  −
- Certificate Request File: '''''CAIPSec.req.pem'''''
  −
  −
- Days Valid: '''''3650''''' // For this example we will use 3650 days, but you can configure this to be longer if needed. I would caution against too long of a CA.
  −
  −
- Certificate Authority Key: '''''CAIPSec.key.pem'''''
  −
  −
- Leave the rest of the configuration default
  −
  −
- '''''Sign'''''
  −
<br>
  −
  −
[[File:IPSec CA Cert Signing.png|none|none]]
  −
  −
<br>
  −
After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*.
  −
<br>
  −
  −
[[File:IPSec CA Cert Generating Confirmation2.png|none|none]]
   
<br>
 
<br>
   Line 138: Line 112:  
<br>
 
<br>
   −
Next we need to sign the RUT1 cert.
  −
Under the `Certificate signing` configure as follows:
  −
  −
- Signed Certificate Name: '''''RUT1'''''
  −
  −
- Type of Certificate to Sign: '''''Client Certificate'''''
  −
  −
- Certificate Request File: '''''RUT1.req.pem'''''
  −
  −
- Days Valid: '''''3650'''''
  −
  −
- Certificate Authority File: '''''CAIPSec.cert.pem'''''
  −
  −
- Certificate Authority Key: '''''CAIPSec.key.pem'''''
  −
  −
- Leave the rest of the configuration alone
  −
  −
- '''''Sign'''''
  −
<br>
  −
  −
[[File:IPSec RUT1 Cert Signing.png|none|none]]
  −
  −
<br>
  −
After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.cert.pem under *Certificates*.
  −
<br>
  −
  −
[[File:IPSec RUT1 Cert Manager Check.png|none|none]]
  −
  −
<br>
      
====Generating Rut2 Client Cert====
 
====Generating Rut2 Client Cert====
Line 205: Line 150:     
[[File:IPSec RUT2 Cert Generating Confirmation.png|none|none]]
 
[[File:IPSec RUT2 Cert Generating Confirmation.png|none|none]]
 +
 +
====Signing Certificates====
 +
----
 +
 +
Next we need to sign the CAIPSec CA. We will be Self-Signing our own CA.
 +
Under the '''Certificate signing''' configure as follows:
 +
 +
1. Signed Certificate Name: '''''CAIPSec'''''
 +
 +
2. Type of Certificate to Sign: '''''Certificate Authority'''''
 +
 +
3. Certificate Request File: '''''CAIPSec.req.pem'''''
 +
 +
4. Days Valid: '''''3650''''' // For this example we will use 3650 days, but you can configure this to be longer if needed. I would caution against too long of a CA.
 +
 +
5. Certificate Authority Key: '''''CAIPSec.key.pem'''''
 +
 +
6. Leave the rest of the configuration default
 +
 +
7. '''''Sign'''''
 +
<br>
 +
 +
[[File:IPSec CA Cert Signing.png|none|none]]
 +
 +
<br>
 +
After you hit *Sign* the CA cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a CAIPSec.cert.pem under *Certificates*.
 +
<br>
 +
 +
[[File:IPSec CA Cert Generating Confirmation2.png|none|none]]
 +
<br>
 +
 +
Next we need to sign the RUT1 cert.
 +
Under the `Certificate signing` configure as follows:
 +
 +
1. Signed Certificate Name: '''''RUT1'''''
 +
 +
2. Type of Certificate to Sign: '''''Client Certificate'''''
 +
 +
3. Certificate Request File: '''''RUT1.req.pem'''''
 +
 +
4. Days Valid: '''''3650'''''
 +
 +
5. Certificate Authority File: '''''CAIPSec.cert.pem'''''
 +
 +
6. Certificate Authority Key: '''''CAIPSec.key.pem'''''
 +
 +
7. Leave the rest of the configuration alone
 +
 +
8. '''''Sign'''''
 +
<br>
 +
 +
[[File:IPSec RUT1 Cert Signing.png|none|none]]
 +
 +
<br>
 +
After you hit *Sign* the Client cert you should see a notification pop-up near the top right, and if you select Certificates Manager you should see a RUT1.cert.pem under *Certificates*.
 +
<br>
 +
 +
[[File:IPSec RUT1 Cert Manager Check.png|none|none]]
 +
 +
<br>
    
<br>
 
<br>
Line 210: Line 215:  
Under the `Certificate signing` configure as follows:
 
Under the `Certificate signing` configure as follows:
   −
- Signed Certificate Name: '''''RUT2'''''
+
1. Signed Certificate Name: '''''RUT2'''''
   −
- Type of Certificate to Sign: '''''Client Certificate'''''
+
2. Type of Certificate to Sign: '''''Client Certificate'''''
   −
- Certificate Request File: '''''RUT2.req.pem'''''
+
3. Certificate Request File: '''''RUT2.req.pem'''''
   −
- Days Valid: '''''3650'''''
+
4. Days Valid: '''''3650'''''
   −
- Certificate Authority File: '''''CAIPSec.cert.pem'''''
+
5. Certificate Authority File: '''''CAIPSec.cert.pem'''''
   −
- Certificate Authority Key: '''''CAIPSec.key.pem'''''
+
6. Certificate Authority Key: '''''CAIPSec.key.pem'''''
   −
- Leave the rest of the configuration alone
+
7. Leave the rest of the configuration alone
   −
- '''''Sign'''''
+
8. '''''Sign'''''
 
<br>
 
<br>
  
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/128598"

Navigation menu