Add a Root Certificate and Subordinate (Intermediate Certificate) & Request CSR
- Open the SmartDashboard so you can see all of your network devices.
-
Right Click on Trusted CAs > New CA > Trusted...
-
Give it a name: e.g. E-Tugra_Root. (http servers needs to be checked in the 2nd tab for that)
then click the OPSEC PKI tab.
-
Click the Get Button and open the file 'TrustedRoot.crt' that E-Tugra sent to you.
-
When asked 'Do you accept this certificate authority certificate?' click Ok.
-
Right Click Trusted CAs > New CA > Subordinate...
-
Give it a name: e.g. E-Tugra_Root_Intermediate.
Then click the OPSEC PKI tab and click Get and find E-Tugra_Root.crt file.
Then click Ok to trust this certificate.
-
Gateway Cluster > VPN > Add > Certificate Nickname (e.g. FQDN)
Open the Device properties for the device you want the SSL certificate to be sent out from, click 'Add' to create a CSR.
-
Create a Nickname for the certificate (e.g. E-Tugra or yourdomain.com).
For the CA to enroll from choose the intermediate you made (e.g. E-Tugra_Intermediate).
Then click the Generate button.
-
When a popup window says this can't be undone, click Yes.
-
Enter all of the CSR details into a single line including your country code.
DN:CN=vpn.yourdomain.com,O=Your Company Inc,L=City,ST=State,C=USThen click Ok. If you are getting a SAN certificate click 'Define Alternate Names' and specifies those when prompted.
-
Click View to see the CSR, then choose to either 'Copy to Clipboard' / 'Save to file' for re-entering in the order form.
-
Then during the E-Tugra ordering process for Server type: Choose 'Other', then when prompted you can upload or paste your CSR file.
