Setup Certificates

Similar to OpenVPN, a set of certificates is required for the server and clients.

Create a Certificate Authority

If one is not already available, then the first task is to create a Certificate Authority.

  • Navigate to System > Cert Manager in the AZTCO-FW webGUI
  • Click + to create a new certificate authority
  • Select Create an internal Certificate Authority for the Method
  • Fill in the rest of the fields as desired with company or site-specific information
  • Click Save

Create a Server Certificate

  • Navigate to System > Cert Manager, Certificates tab in the AZTCO-FW webGUI
  • Click + to create a new certificate
  • Select Create an internal certificate for the Method
  • Enter a Descriptive Name such as IKEv2 Server
  • Select the appropriate Certificate Authority created in the previous step
  • Choose the desired Key length, Digest algorithm, and Lifetime
  • Set the Certificate Type to Server Certificate
  • Fill in the regional and company values in the Distinguished name fields as desired; they are copied from the CA and may be left as-is
  • Enter the Common Name as the hostname of the firewall as it exists in DNS
  • Click + to add a new Alternative Name
  • Enter DNS in the Type field
  • Enter the hostname of the firewall as it exists in DNS again in the Value field. Some clients require the value in the SAN, not just the CN!
  • Click + to add a new Alternative Name
  • Enter IP in the Type field
  • Enter the WAN IP address of the firewall in the Value field
  • Add more Alternative Names as needed for additional hostnames or IP addresses on the firewall that clients may use to connect
  • Click Save
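As an added check that is not part of the AZTCO-FW documentation, the following POSIX shell script uses the openssl CLI to confirm that an exported server certificate carries the hostname and WAN IP as SAN entries and the serverAuth extended key usage that the Server Certificate type is assumed to set. The hostname vpn.example.com and address 203.0.113.1 are constructed demo values, and make_demo_server_cert builds a throwaway CA and certificate so the check can be tried offline.

```shell
#!/bin/sh
# Added example, not AZTCO-FW code: verify an exported IKEv2 server certificate
# before handing it to clients. Assumes the openssl CLI is installed and that
# the Cert Manager "Server Certificate" type sets the serverAuth EKU.
# Usage: check_ikev2_server_cert CERT.pem HOSTNAME WAN_IP  (exit 0 = pass)
check_ikev2_server_cert() {
    cert="$1"; host="$2"; ip="$3"; ok=0
    text=$(openssl x509 -in "$cert" -noout -text) || return 1
    # Clients that ignore the CN need the hostname as a DNS SAN entry
    echo "$text" | grep -qF "DNS:$host" || { echo "missing SAN DNS:$host"; ok=1; }
    # Clients connecting by address need the WAN IP as an IP SAN entry
    echo "$text" | grep -qF "IP Address:$ip" || { echo "missing SAN IP:$ip"; ok=1; }
    # A User Certificate (clientAuth only) will not be accepted as a server
    echo "$text" | grep -q "TLS Web Server Authentication" \
        || { echo "not a server certificate"; ok=1; }
    return $ok
}

# Builds a throwaway CA and server certificate in a temp dir so the check can
# be tried offline; pass "nosan" as the third argument to omit the SAN entries.
# Prints the certificate path. Demo values only, not real infrastructure.
make_demo_server_cert() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    if [ "${3:-}" = "nosan" ]; then
        printf 'extendedKeyUsage=serverAuth\n' > "$dir/ext.cnf"
    else
        printf 'subjectAltName=DNS:%s,IP:%s\nextendedKeyUsage=serverAuth\n' \
            "$1" "$2" > "$dir/ext.cnf"
    fi
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/ext.cnf" -out "$dir/srv.crt" 2>/dev/null
    echo "$dir/srv.crt"
}

# Run with "demo" to see a SAN-bearing cert pass and a CN-only cert fail
if [ "${1:-}" = "demo" ]; then
    good=$(make_demo_server_cert vpn.example.com 203.0.113.1)
    check_ikev2_server_cert "$good" vpn.example.com 203.0.113.1 && echo "with SAN: OK"
    bad=$(make_demo_server_cert vpn.example.com 203.0.113.1 nosan)
    check_ikev2_server_cert "$bad" vpn.example.com 203.0.113.1 || echo "CN only: rejected"
fi
```

Run it against the certificate exported from Cert Manager before distributing the client profiles; a certificate that only carries the hostname in the CN is reported as missing the DNS SAN entry.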

Create Client Certificates

  • Navigate to System > Cert Manager, Certificates tab in the AZTCO-FW webGUI
  • Click + to create a new certificate
  • Select Create an internal certificate for the Method
  • Enter a Descriptive Name such as client1
  • Select the appropriate Certificate Authority
  • Choose the desired Key length, Digest algorithm, and Lifetime
  • Set the Certificate Type to User Certificate
  • Fill in the regional and company values in the Distinguished name fields as desired; they are copied from the CA and may be left as-is
  • Enter the Common Name as the client username, such as client1
  • Click + to add a new Alternative Name
  • Enter DNS in the Type field
  • Enter the user name again in the Value field, such as client1
  • Click Save

Repeat as needed for additional clients