Installing a Certificate Using Manual Enrollment

Procedure

Step 1

On the Devices > Certificates screen, choose Add to open the Add New Certificate dialog.

Step 2

Choose a device from the Device drop-down list.

Step 3

Associate a certificate enrollment object with this device in one of the following ways:

Choose a Certificate Enrollment Object of the type Manual from the drop-down list.
Click (+), to add a new Certificate Enrollment Object, see Adding Certificate Enrollment Objects.

Step 4

Press Add to start the enrollment process.

Step 5

Execute the appropriate activity with your PKI CA Server to obtain an identity certificate.

Click Identity Certificate warning to view and copy the CSR.
Execute the appropriate activity with your PKI CA Server to obtain an identity certificate using this CSR.

This activity is completely independent of the Secure Firewall Management Center or the managed device. When complete, you will have an Identity Certificate for the managed device. You can place it in a file.
To finish the manual process, install the obtained identity certificate onto the managed device.

Return to the Secure Firewall Management Center dialog and select Browse Identity Certificate to choose the identity certificate file.

Note

Ensure not to choose a binary certificate (PKCS12, DER, and alike) file because threat defense does not support them.

Step 6

Select Import to import the Identity Certificate.

The Identity Certificate status will be Available when the import complete.

Step 7

Click the magnifying glass to view the Identity Certificate for this device.

What to do next

When enrollment is complete, a trustpoint exists on the device with the same name as the certificate enrollment object. Use this trustpoint in the configuration of your Site to Site and Remote Access VPN Authentication Method