
    Loading Local Certificate into NSM Management System

    For CA-signed local certificates, after you prompt the device to generate the certificate request, the device creates the public/private key pair that is used to create the local certificate and returns the public key to the management system (the private key never leaves the device). During this time, the certificate status is key pair, meaning that a key pair exists but no certificate has been loaded.

    After you obtain the local certificate, you must load the certificate into the management system using the NSM UI, and then install the certificate on the managed device:

    • For devices running ScreenOS 5.x, you must install a TFTP server on the NSM device server. The device server automatically uses TFTP to load the certificate onto your managed devices. For more information about creating a TFTP server on the device server, see the Network and Security Manager Installation Guide.
    • For devices running ScreenOS 5.1 and later, the device server automatically uses Secure Server Protocol (SSP) to load firmware onto your managed devices. SSP is the protocol used for the management connection between the physical device and the NSM device server.

    After the certificate is installed on the device, the certificate is known as active. To view the current status of your certificate requests, open the device configuration and select VPN Settings > Local Certificates:

    • Before the certificate is fulfilled, the certificate status appears as key pair, indicating that a public/private key pair exists but the certificate file is not yet present on both the physical device and the management system.
    • After the certificate is fulfilled, the certificate status appears as active, indicating that the certificate file has been successfully installed on both the physical device and the management system.

      Note: To move information from the physical device to the management system, you use a Refresh directive; to move information from the management system to the physical device, you use an Update directive.

    Published: 2013-01-02