IKEv2 Certificate Structure

Create a Certificate Authority

If a suitable Certificate Authority (CA) is not present in the Cert Manager, creating one is the first task:

  • Navigate to System > Cert Manager on the AZTCO-FW firewall
  • Click Add to create a new certificate authority
  • Select Create an internal Certificate Authority for the Method
  • Fill in the rest of the fields as desired with company or site-specific information
  • Click Save

Create a Server Certificate

Warning: Follow these directions exactly, paying close attention to how the server certificate is created at each step. If any one part is incorrect, some or all clients may fail to connect.

  • Navigate to System > Cert Manager, Certificates tab on the AZTCO-FW firewall
  • Click Add to create a new certificate
  • Select Create an internal certificate for the Method
  • Enter a Descriptive Name such as IKEv2 Server
  • Select the appropriate Certificate Authority created in the previous step
  • Choose the desired Key Type, Key length, Digest algorithm, and Lifetime
  • Enter the Common Name as the hostname of the firewall as it exists in DNS. If clients will connect by IP address, place the IP address here instead
  • Fill in the regional and company values in the Distinguished name fields as desired; they are copied from the CA and may be left as-is
  • Set the Certificate Type to Server Certificate
  • Click Add to add a new Alternative Name
  • Enter FQDN or Hostname in the Type field
  • Enter the hostname of the firewall as it exists in DNS again in the Value field
  • Click Add to add another new Alternative Name
  • Enter IP Address in the Type field
  • Enter the WAN IP address of the firewall in the Value field
  • Add more Alternative Names as needed for additional hostnames or IP addresses on the firewall that clients may use to connect
  • Click Save
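The two procedures above produce a CA and a server certificate whose details (CN set to the firewall's DNS name, Subject Alternative Names for both the hostname and the WAN IP, and the Server Certificate type) are exactly what clients check before connecting. The following script is an added example, not part of the AZTCO-FW documentation or its Cert Manager code: it reproduces the same certificate structure with OpenSSL and then inspects the resulting server certificate for the fields the steps insist on, so a certificate exported from the firewall can be checked the same way. The hostname `vpn.example.com` and the address `203.0.113.10` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the AZTCO-FW documentation): build an internal CA and
# an IKEv2 server certificate with the structure described above, then check
# the server certificate for the fields clients rely on.

WORK="${WORK:-$(mktemp -d)}"
FW_FQDN="vpn.example.com"   # constructed placeholder: the firewall's name in DNS
FW_IP="203.0.113.10"        # constructed placeholder (TEST-NET-3): the WAN IP

# Step 1: an internal CA (basicConstraints CA:TRUE, able to sign certificates).
make_ca() {
    cat > "$WORK/ca.ext" <<EOF
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=IKEv2 Internal CA/O=Example Site" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/ca.key" \
        -days 3650 -sha256 -extfile "$WORK/ca.ext" -out "$WORK/ca.crt" 2>/dev/null
}

# Step 2: a server certificate signed by that CA.
#   $1 = output base name, $2 = subjectAltName list (e.g. "DNS:host, IP:addr")
# CN is the firewall hostname; "Server Certificate" in the Cert Manager
# corresponds to extendedKeyUsage = serverAuth.
issue_server_cert() {
    name="$1"; san="$2"
    cat > "$WORK/$name.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$FW_FQDN/O=Example Site" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 825 -sha256 -extfile "$WORK/$name.ext" \
        -out "$WORK/$name.crt" 2>/dev/null
}

# Check a server certificate the way a client would: it must carry the hostname
# and the IP as SANs, be marked for server authentication, and chain to the CA.
# Prints "ok" and returns 0 on success; prints the first problem otherwise.
check_server_cert() {
    cert="$1"; ca="$2"; fqdn="$3"; ip="$4"
    text=$(openssl x509 -in "$cert" -noout -text) || { echo "unreadable certificate"; return 1; }
    echo "$text" | grep -q "DNS:$fqdn"          || { echo "missing DNS SAN $fqdn"; return 1; }
    echo "$text" | grep -q "IP Address:$ip"      || { echo "missing IP SAN $ip"; return 1; }
    echo "$text" | grep -q "TLS Web Server Authentication" || { echo "missing serverAuth EKU"; return 1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || { echo "does not chain to CA"; return 1; }
    echo ok
}

make_ca &&
issue_server_cert server "DNS:$FW_FQDN, IP:$FW_IP" &&
check_server_cert "$WORK/server.crt" "$WORK/ca.crt" "$FW_FQDN" "$FW_IP"
```

To check a certificate exported from the firewall instead, run `check_server_cert` against the exported PEM and CA with the real hostname and WAN IP; a missing SAN or a certificate created with the wrong Certificate Type shows up as one of the listed messages rather than as an unexplained client failure.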