Import a Certificate for IKEv2 Gateway Authentication
Where Can I Use This? PAN-OS
What Do I Need? No license required
Perform this task if you are authenticating a peer for an IKEv2 gateway and, instead of using a local certificate already on the firewall, you want to import a certificate from elsewhere.
This task presumes that you selected Network > IKE Gateways, added a gateway, and for Local Certificate, you clicked Import.
Import a certificate.
Select Network > IKE Gateways, Add a gateway, and on the General tab, for Authentication, select Certificate. For Local Certificate, click Import.
In the Import Certificate window, enter a Certificate Name for the certificate you’re importing.
Select Shared if this certificate is to be shared among multiple virtual systems.
For Certificate File, Browse to the certificate file. Click on the filename and click Open, which populates the Certificate File field.
For File Format, select one of the following:
Base64 Encoded Certificate (PEM)—Privacy Enhanced Mail is the most common format for X.509 certificates, CSRs, and cryptographic keys. PEM contains the certificate, but not the key.
Encrypted Private Key and Certificate (PKCS12)—PKCS12 is a binary format for storing a certificate chain and private key in a single file. PKCS12 files are used for importing and exporting certificates and private keys.
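A pre-import check, added here as an example and not part of the PAN-OS documentation or tooling: it inspects the bytes of a file to tell which File Format option matches it and whether a PEM file also carries a private key block. The function name, return values and sample bytes are assumptions made for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def _der_seq_body(data):
    """Offset just past a leading ASN.1 SEQUENCE header, else None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                 # short-form length
        return 2
    n = data[1] & 0x7F                 # long form (n == 0: BER indefinite)
    return 2 + n if n <= 4 and len(data) >= 2 + n else None


def classify_cert_file(data):
    """Return (file_format, has_key) for the bytes of a file to import.

    file_format is 'PEM' (at least one certificate block), 'PKCS12' or
    'unknown'. has_key is True/False when PEM blocks were found and None
    otherwise; this check does not parse PKCS12 contents.
    """
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        labels = [label.decode() for label, _ in blocks]
        for label, body in blocks:
            if label == b"CERTIFICATE":
                try:               # reject truncated or hand-edited bodies
                    base64.b64decode(b"".join(body.split()), validate=True)
                except ValueError:
                    return ("unknown", None)
        has_key = any(l.endswith("PRIVATE KEY") for l in labels)
        return ("PEM" if "CERTIFICATE" in labels else "unknown", has_key)
    off = _der_seq_body(data)
    # A PKCS12 (PFX) file opens with SEQUENCE { INTEGER 3, ... }.
    if off is not None and data[off:off + 3] == b"\x02\x01\x03":
        return ("PKCS12", None)
    return ("unknown", None)


# Constructed samples (placeholder bytes, not real certificates or keys).
_B64 = base64.b64encode(b"\x30\x03\x02\x01\x01")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n" + _B64 + b"\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = b"-----BEGIN PRIVATE KEY-----\n" + _B64 + b"\n-----END PRIVATE KEY-----\n"
SAMPLE_PFX = b"\x30\x82\x01\x00\x02\x01\x03\x30\x00"

if __name__ == "__main__":
    for name, blob in [("cert.pem", SAMPLE_PEM), ("key.pem", SAMPLE_KEY),
                       ("bundle.p12", SAMPLE_PFX)]:
        print(name, classify_cert_file(blob))
```

A result of ("PEM", False) means the certificate file holds no key, so the key would have to come from a separate file; a binary DER-encoded certificate returns "unknown" because it matches neither listed format.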
Select Import private key if the key is in a different file from the certificate file. The key is optional, with the following exception: