Import a Certificate for IKEv2 Gateway Authentication
Where Can I Use This?
  • PAN-OS
What Do I Need?
  • No license required
Perform this task if you are authenticating a peer for an IKEv2 gateway and, instead of using a local certificate already on the firewall, you want to import a certificate from elsewhere.
This task presumes that you selected Network > IKE Gateways, added a gateway, and clicked Import for Local Certificate.
  1. Import a certificate.
    1. Select Network > IKE Gateways, Add a gateway, and on the General tab, for Authentication, select Certificate. For Local Certificate, click Import.
    2. In the Import Certificate window, enter a Certificate Name for the certificate you’re importing.
    3. Select Shared if this certificate is to be shared among multiple virtual systems.
    4. For Certificate File, Browse to the certificate file. Click on the filename and click Open, which populates the Certificate File field.
    5. For File Format, select one of the following:
      • Base64 Encoded Certificate (PEM)—Privacy Enhanced Mail is the most common format for X.509 certificates, CSRs, and cryptographic keys. PEM contains the certificate, but not the key.
      • Encrypted Private Key and Certificate (PKCS12)—PKCS12 is a binary format for storing a certificate chain and private key in a single file. PKCS12 files are used for importing and exporting certificates and private keys.
    6. Select Import private key if the key is in a different file from the certificate file. The key is optional, with the following exception:
      • Import a key if you set the File Format to PEM. Enter a Key file by clicking Browse and navigating to the key file to import.
      • Enter a Passphrase and Confirm Passphrase.
    7. Click OK.
  2. Continue to the next task.
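
The following pre-import check is an added example, not part of the original procedure or vendor code: before using the PEM option with a separate key file, it confirms that the certificate file holds no private key, that the passphrase opens the key, and that the key matches the certificate. The `KEY_PASS` environment variable, the function names and the sample names are assumptions, and the `openssl` command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not vendor code). Assumed names: KEY_PASS, function names, sample CNs.
# KEY_PASS is an environment variable holding the key file's passphrase.

# Public key of a PEM certificate, as PEM SubjectPublicKeyInfo.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public half of a passphrase-protected private key, same encoding.
key_pubkey() {
    openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null
}

# True when the file holds a certificate and no private key block, matching
# the page's description of the PEM option (certificate, but not the key).
pem_is_cert_only() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        ! grep -q 'PRIVATE KEY-----' "$1"
}

# check_import_pair CERT_FILE KEY_FILE
#   0  certificate and key belong together
#   1  both files parse, but the key does not match the certificate
#   2  unreadable file, wrong passphrase, or a key inside the certificate file
check_import_pair() {
    pem_is_cert_only "$1" || return 2
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
}

# Constructed sample: self-signed test certificate DIR/NAME.pem with an
# encrypted key DIR/NAME.key, for trying the check without real material.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -passout env:KEY_PASS -out "$1/$2.pem" 2>/dev/null
}

# Usage: KEY_PASS='...' sh check_import.sh gateway.pem gateway.key
if [ "$#" -eq 2 ]; then
    if check_import_pair "$1" "$2"; then
        echo "OK: key matches certificate"
    else
        echo "STOP: do not import (status $?)" >&2
    fi
fi
```

Status 1 means the key file belongs to a different certificate; status 2 usually points to a wrong passphrase or to a file that is not the PEM certificate the import window expects.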