Installing a Certificate Using a PKCS12 File

Procedure

Step 1

Go to Devices > Certificates screen, choose Add to open the Add New Certificate dialog.

Step 2

Choose a pre-configured managed device from the Device drop down list.

Step 3

Associate a certificate enrollment object with this device in one of the following ways:

Choose a Certificate Enrollment Object of the PKCS type from the drop-down list.
Click (+), to add a new Certificate Enrollment Object, see Adding Certificate Enrollment Objects.

Step 4

Press Add.

The CA Certificate and Identity Certificate status will go from In Progress to Available as it installs the PKCS12 file on the device.

Note

When you upload the PKCS12 file for the first time, the file is stored in management center as part of the CertEnrollment object. For any failed enrollments due to a wrong passphrase or failed deployment, retry enrolling the PKCS12 certificate without uploading the file again. A PKCS12 file size should not be larger than 24K.

Step 5

Once Available, click the magnifying glass to view the Identity Certificate for this device.

What to do next

The certificate (trustpoint) on the managed device is named the same as the PKCS#12 file. Use this certificate in your VPN authentication configuration.