VPN Certificates - Any how-to?

I was cleaning up old unused items in our HMOL and I have accidentally deleted a certificate used to set up our VPN connection between the branch routers and the CVG.

Okay.. so I'm screwed at the moment because I have to update both the routers AND the CVG at the same time. So I have a guaranteed downtime. I need this fixed tonight.. :'-( But I can't find ANY guides that say how you should create these certificates.

I've done this:
1. In Keys and Certificates > HiveManager CA, filled in the form, entered a newly generated password and pressed Create.
2. In Keys and Certificates > Server CSR, filled in the form using the same password as above and pressed Create. When asked to sign, I selected 'Sign by HiveManager CA' and pressed OK. I got the message 'signed successfully'.
3. In my VPN Service, in IPsec VPN Certificate Authority Settings:


When trying to save I'm getting the message:
The server certificate was not issued with the specified CA certificate.

That could very well be, but HOW should I do that? I can't find ANY doc even mentioning the Server CSR!

Tiele Declercq

Posted 2 years ago


Tiele Declercq

I'm not sure if it's best practice but I've managed to get this working in this way:

1. On our CA server I made a duplicate template of the RAS template and named it Aerohive and checked 'Allow certificate to be exported'.
2. On our domain controller I requested a new certificate and selected the Aerohive template.
3. I then exported the certificate of our CA server in the trusted root folder to a .CER file and imported this into HMOL.
4. I then exported the new personal Aerohive certificate to a PFX file with the key file included and set up a password.
5. I imported this certificate into HMOL with the PFX conversion tool, entering the same password.
6. I then selected our CA certificate as the CA certificate in our VPN Service
7. I selected the imported Aerohive certificate in both the Server certificate and Server key

... And padaboom.. it worked.
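
A pre-flight check for the condition behind "The server certificate was not issued with the specified CA certificate", added here as an example and not part of the original posts or of any Aerohive tooling. It assumes the CA certificate, server certificate and server key are available as PEM files; the function names, file names and the throwaway demo PKI are hypothetical and constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify a VPN certificate set with openssl before uploading it.
# check_vpn_cert and make_demo_pki are hypothetical helper names.

# Usage: check_vpn_cert ca.pem server.pem server.key [key-password]
# Returns 0 = OK, 1 = server cert not issued by this CA, 2 = key/cert mismatch.
check_vpn_cert() {
    ca_file="$1"; cert_file="$2"; key_file="$3"; key_pass="${4:-}"

    # 1. Does the server certificate chain to the selected CA certificate?
    if ! openssl verify -CAfile "$ca_file" "$cert_file" >/dev/null 2>&1; then
        echo "FAIL: $cert_file was not issued by $ca_file"
        return 1
    fi

    # 2. Does the private key belong to the certificate? Compare the public
    #    key embedded in the cert with the one derived from the private key.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key_file" -passin "pass:$key_pass" -pubout \
        2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key_file does not match $cert_file"
        return 2
    fi

    echo "OK: $cert_file is issued by $ca_file and matches $key_file"
    return 0
}

# Build a constructed, throwaway PKI in directory $1 for trying the check:
# two unrelated CAs (ca, other) and one server cert signed by "ca".
make_demo_pki() {
    pki_dir="$1"
    for name in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo-$name" \
            -keyout "$pki_dir/$name.key" -out "$pki_dir/$name.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-vpn-server" \
        -keyout "$pki_dir/server.key" -out "$pki_dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$pki_dir/server.csr" -days 1 \
        -CA "$pki_dir/ca.pem" -CAkey "$pki_dir/ca.key" -CAcreateserial \
        -out "$pki_dir/server.pem" 2>/dev/null
}
```

Return code 1 corresponds to selecting a CA certificate that did not sign the server certificate; return code 2 catches a server key that belongs to a different certificate.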