Configuring VPN Certificates on a 1st Generation NetVanta 2000 Series

Version 1



    NOTE: The time must be set correctly on the NetVanta.


    1.      Go to the appropriate certificate server (VeriSign, Microsoft, etc.)

    2.      Select Retrieve a CA certificate

    3.      Click Next

    4.      Select Base 64 encoded

    5.      Click on Download CA certificate

    6.      Save it with a security certificate extension

    7.      Open Notepad or WordPad (select All Files for the file type when opening)

    8.      Copy the complete certificate (Ctrl-C)

    9.      On the NetVanta, go to Policies, VPN and Certificates

    10.  Under CA Certificate, select UploadCertificate

    11.  Make sure RSA is selected under Signature Algorithm

    12.  Paste the copied certificate (Ctrl-V)

    13.  Click OK

    14.  Go to Policies, Certificates and under Self Certificate click on GenerateRequest

    15.  Under name and Subject, select any name

    16.  Use RSA for Signature Algorithm

    17.  Use 1024 for Key length

    18.  Use MD5 for Hash Algorithm

    19.  Click OK

    20.  Select the text using Ctrl-A and copy it using Ctrl-C

    21.  Click on Back to table page

    22.  Under the Private Key Without Public Key, the self certificate should be “waiting”

    23.  Go back to the Certificate Server and select HOME

    24.  Select Request a certificate and click Next

    25.  Select Advanced Request and click Next

    26.  Select Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file and click Next

    27.  Paste (Ctrl-V) the self certificate and click Submit

    28.  Select Base64 encoded and click on Download CA certificate

    29.  Save it and open it with Notepad.

    30.  Select it all (Ctrl-A) and copy it (Ctrl-C)

    31.  On the NetVanta, under Self Certificate, select UploadCertificate

    32.  Make sure the name matches your certificate. Paste it (Ctrl-V)

    33.  Click OK

    34.  The certificate under Private Key Without Public Key should be gone

    35.  Select the self certificate path (e.g., /C=US/CN=name) and copy it (Ctrl-C)


    1.      Under IKE Policy Configuration, select DER ASN1 DN for LocalIdType

    2.      For Local ID Data, paste (Ctrl-V) the self certificate name.

    3.      For Remote IdType, select DER ASN1 DN and, for Remote ID Data, enter the self-certificate path for the remote unit.

    4.      Save the configuration.
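
    The steps above move Base64 certificate text between the certificate server and the NetVanta by copy and paste. The following added example (not part of the original article or the NetVanta software) checks that a copied block is complete before it is pasted. The function names, the armor label passed in and the sample data are assumptions constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.S)

def der_total_length(der: bytes) -> int:
    """Bytes the outer DER SEQUENCE claims to occupy (header + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pasted_pem(text: str, expected_label: str) -> bytes:
    """Validate copied Base64 text before pasting it; return the DER bytes."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("BEGIN/END line missing (incomplete copy?)")
    begin, body, end = m.groups()
    if begin != end or begin != expected_label:
        raise ValueError(f"expected {expected_label!r}, found {begin!r}/{end!r}")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError as exc:               # binascii.Error subclasses ValueError
        raise ValueError("body is not valid Base64") from exc
    if der_total_length(der) != len(der):
        raise ValueError("DER length mismatch (lines lost or extra text)")
    return der

def to_pem(der: bytes, label: str) -> str:
    """Wrap DER in Base64 armor, 64 characters per line."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(rows) + f"\n-----END {label}-----\n"

# Constructed stand-in, not a real certificate: a SEQUENCE header plus 200 zero bytes.
SAMPLE_DER = bytes([0x30, 0x81, 0xC8]) + bytes(200)
SAMPLE_PEM = to_pem(SAMPLE_DER, "CERTIFICATE")

if __name__ == "__main__":
    print(len(check_pasted_pem(SAMPLE_PEM, "CERTIFICATE")), "DER bytes, copy is complete")
```

    The check covers only the armor lines, the Base64 body and the outer DER length, so it catches a partial copy or a request pasted where a certificate is expected; it does not validate the certificate contents.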