Manual Installation of CA Certificates in NSM

If you did not use SCEP, you must manually contact your CA, obtain a CA certificate, and create a certificate authority Object. Then, add the CA certificate to the device and install it on the device:

1. Open the device configuration and select VPN Settings > CA Certificates. Click the Add icon and add the certificate authority object. Close the device configuration.
2. Right-click the device and select Certificates > Update CA Certificate. This directive uses the information in the management system to update the information on the physical system. A Job Manager window appears to display job information and job progress.

   Note: For devices running ScreenOS 5.x, you must install a TFTP server on the NSM device server. The device server automatically uses TFTP to load the CA certificate onto your managed devices. For more information about creating a TFTP server on the device server, see the Network and Security Manager Installation Guide.

3. When the job is complete, close the Job Manager window.

For devices running ScreenOS 5.1 and later, the device server automatically uses Secure Server Protocol (SSP) (the protocol used for the management connection) to load the CA certificate.

To view CA certificate, open the device configuration and select VPN Settings > CA Certificates.

Related Documentation

• Configuring Certificate Revocation Lists (NSM Procedure)
• Imported Certificates in NSM Overview
• Installing CA Certificates Using SCEP in NSM