Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Manual Installation of Local Certificates in NSM


If you did not use SCEP, you must manually contact your CA and use the device public key to create a local device certificate. After you have obtained the local certificate (.cer) file from your CA, install that certificate on the device:

  1. Right-click the device and select Certificates > Update Fulfilled Certificate. This directive uses the information in the management system to update the information about the physical system.

  2. Load the certificate file and click OK to install the local certificate on the device.


    For devices running ScreenOS 5.x, you must install a TFTP server on the NSM device server. The device server automatically uses TFTP to load the local certificate onto your managed devices. For more information about creating a TFTP server on the device server, see the Network and Security Manager Installation Guide.

    A Job Manager window appears to display job information and job progress. When the job is complete, close the Job Manager window.

  3. View the local certificate by double-clicking the device configuration and selecting VPN Settings > Local Certificates. The certificate status appears as active, indicating that the certificate file has been successfully installed on both the physical device and the management system.

For devices running ScreenOS 5.1 and later, the device server automatically uses Secure Server Protocol (SSP) (the protocol used for the management connection) to load the local certificate.