>
    Import a Certificate for IKEv2 Gateway Authentication
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. VPNs
    4. Set Up Site-to-Site VPN
    5. Set Up an IKE Gateway
    6. Import a Certificate for IKEv2 Gateway Authentication
    Download PDF

    Import a Certificate for IKEv2 Gateway Authentication

    Table of Contents
    End-of-Life (EoL)

    Import a Certificate for IKEv2 Gateway Authentication

    Perform this task if you are authenticating a peer for an IKEv2 gateway and you did not use a local certificate already on the firewall; you want to import a certificate from elsewhere.
    This task presumes that you selected NetworkIKE Gateways, added a gateway, and for Local Certificate, you clicked Import.
    1. Import a certificate.
      1. Select NetworkIKE Gateways, Add a gateway, and on the General tab, for Authentication, select Certificate. For Local Certificate, click Import.
      2. In the Import Certificate window, enter a Certificate Name for the certificate you are importing.
      3. Select Shared if this certificate is to be shared among multiple virtual systems.
      4. For Certificate File, Browse to the certificate file. Click on the file name and click Open, which populates the Certificate File field.
      5. For File Format, select one of the following:
        • Base64 Encoded Certificate (PEM)—Contains the certificate, but not the key. It is cleartext.
        • Encrypted Private Key and Certificate (PKCS12)—Contains both the certificate and the key.
      6. Select Import private key if the key is in a different file from the certificate file. The key is optional, with the following exception:
        • You must import a key if you set the File Format to PEM. Enter a Key file by clicking Browse and navigating to the key file to import.
        • Enter a Passphrase and Confirm Passphrase.
      7. Click OK.
    2. Continue to the next task.
      Step Configure certificate-based authentication.

    © 2024 Palo Alto Networks, Inc. All rights reserved.