Navigation
Applying the Local Digital Certificate to an IPSec Configuration
To activate a local digital certificate, you configure the IKE proposal to use digital certificates instead of preshared keys, reference the local certificate in the IKE policy, and identify the CA or RA in the service set. To enable the IKE proposal for digital certificates, include the rsa-signatures statement at the [edit services ipsec-vpn ike proposal proposal-name authentication-method] hierarchy level. To reference the local certificate in the IKE policy, include the local-certificate statement at the [edit services ipsec-vpn ike policy policy-name] hierarchy level. To identify the CA or RA in the service set, include the trusted-ca statement at the [edit services service-set service-set-name ipsec-vpn-options] hierarchy level.
[edit services]service-set service-set-name {.....ipsec-vpn-options {trusted-ca ca-profile-name;}}ipsec-vpn {ike {proposal proposal-name {.....authentication-method [pre-shared-keys | rsa-signatures];}policy policy-name {....local-certificate certificate-id-name;}}}
