Installing a Certificate Using a PKCS12 FileInstalling a Certificate by Importing a PKCS12 File

Procedure

Step 1

Go to Devices > Certificates screen, choose Add to open the Add New Certificate dialog.

Step 2

Go to Devices > Certificates screen, then click + Add > Import PKCS12 File to open the Import PKCS12 File dialog.

Step 3

Choose a pre-configured managed device from the Device drop down list.

Step 4

Specify a Certificate Enrollment type of PKCS12.

Step 5

Select Browse to find and choose your PKCS#12 Certificate file.

Step 6

Enter the Passphrase for decryption.

Step 7

Associate a certificate enrollment object with this device in one of the following ways:

Choose a Certificate Enrollment Object of the PKCS type from the drop-down list.
Choose a Certificate Enrollment Object of the appropriate type from the drop-down list.
Click (+), to add a new Certificate Enrollment Object, see Adding Certificate Enrollment Objects.

Step 8

Press Add.

For file import, the CA Certificate and Identity Certificate status will go from In Progress to Available as it installs the PKCS12 file on the device.

The CA Certificate and Identity Certificate status will go from In Progress to Available as it installs the PKCS12 file on the device.

Note

When you upload the PKCS12 file for the first time, the file is stored in CDO as part of the CertEnrollment object. For any failed enrollments due to a wrong passphrase or failed deployment, retry enrolling the PKCS12 certificate without uploading the file again. A PKCS12 file size should not be larger than 24K.

Step 9

Once Available, click the magnifying glass to view the Identity Certificate for this device.

What to do next

The certificate (trustpoint) on the managed device is named the same as the PKCS#12 file. Use this certificate in your VPN authentication configuration.