Page 326 / 794 Scroll up to view Page 321 - 325
Vigor2860 Series User’s Guide
312
After clicking
GENERATE
, the generated information will be displayed on the window
below:
IMPORT
Vigor router allows you to generate a certificate request and submit it the CA server, then
import it as “Local Certificate”. If you have already gotten a certificate from a third party, you
may import it directly. The supported types are PKCS12 Certificate and Certificate with a
private key.
Click this button to import a saved file as the certification information. There are three types
of local certificate supported by Vigor router.
Available settings are explained as follows:
Item
Description
Upload Local Certificate
It allows users to import the certificate which is generated by
Vigor router and signed by CA server.
If you have done well in certificate generation, the Status of
the certificate will be shown as “
OK
”.
Page 327 / 794
Vigor2860 Series User’s Guide
313
Upload PKCS12
Certificate
It allows users to import the certificate whose extensions are
usually .pfx or .p12. And these certificates usually
need passwords.
Note:
PKCS12 is a standard for storing private keys and
certificates securely. It is used in (among other things)
Netscape and Microsoft Internet Explorer with their import and
export options.
Upload Certificate and
Private Key
It is useful when users have separated certificates and private
keys. And the password is needed if the private key is
encrypted.
REFRESH
Click this button to refresh the information listed below.
View
Click this button to view the detailed settings for certificate request.
Page 328 / 794
Vigor2860 Series User’s Guide
314
Note:
You have to copy the certificate request information from above window. Next,
access your CA server and enter the page of certificate request, copy the information into
it and submit a request. A new certificate will be issued to you by the CA server. You can
save it.
Delete
Click this button to remove the selected certificate.
3.12.2 Trusted CA Certificate
Trusted CA certificate lists three sets of trusted CA certificate. In addition, you can build a
RootCA certificate if required.
When the local client and remote client are required to make certificate authentication (e.g.,
IPsec X.509) for data passing through SSL tunnel and avoiding the attack of MITM, a trusted
root certificate authority (Root CA) will be used to authenticate the digital certificates offered
by both ends.
However, the procedure of applying digital certificate from a trusted root certificate authority
is complicated and time-consuming. Therefore, Vigor router offers a mechanism which allows
you to generate root CA to save time and provide convenience for general user. Later, such
root CA generated by DrayTek server can perform the issuing of local certificate.
Note
: Root CA can be deleted but not edited. If you want to modify the settings for a Root
CA, please delete the one and create another one by clicking Create Root CA.
Creating a RootCA
Click Create Root CA to open the following page. Type in all the information that the window
request such as certifcate name (used for identifying different certificate), subject alternative
name type and relational settings for subject name. Then click
GENERATE
again.
Page 329 / 794
Vigor2860 Series User’s Guide
315
Importing a Trusted CA
To import a pre-saved trusted CA certificate, please click
IMPORT
to open the following
window. Use
Browse…
to find out the saved text file. Then click
Import
. The one you
imported will be listed on the Trusted CA Certificate window.
For viewing each trusted CA certificate, click
View
to open the certificate detail information
window. If you want to delete a CA certificate, choose the one and click
Delete
to remove all
the certificate information.
Page 330 / 794
Vigor2860 Series User’s Guide
316
3.12.3 Certificate Backup
Local certificate and Trusted CA certificate for this router can be saved within one file. Please
click
Backup
on the following screen to save them. If you want to set encryption password for
these certificates, please type characters in both fields of
Encrypt password
and
Confirm
password
.
Also, you can use
Restore
to retrieve these two settings to the router whenever you want.

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top