All security certificates used on the router can be centrally managed. The router may require certificates for several functions, including:
Each function will separately validate the certificate that it uses.
To view a security certificate, go to System > Security > Certificates.
SETTING | DESCRIPTION | VALUES |
---|---|---|
NAME | User-defined name identifying the certificate | N/A |
SUBJECT/DISTINGUISHED NAME | The set of values that were entered during the enrollment and creation of the certificate | N/A |
TYPE | The type of certificate | User, CA |
STATUS | Status of the certificate | Untrusted, Valid, Expired, Not yet valid, Wrong private key, Files missing or malformed, Invalid CA |
To create a security certificate:
The Create PEM Certificates window appears.
Configure the following settings to create a security certificate.
SETTING | DESCRIPTION |
---|---|
TYPE | Select from Certificate or Root Certificate |
NAME | Required name identifying the certificate |
CERTIFICATE | Required for TYPE Certificate. Click to upload the certificate file |
PRIVATE KEY | Required for TYPE Certificate. Click to upload the private key file |
CERTIFICATE BUNDLE/CHAIN | Only shown for TYPE Certificate. This is currently not used by any functions on the router |
ROOT CERTIFICATE | Required for TYPE Root Certificate. Optional for TYPE Certificate. Click to upload the root certificate file |
The following table describes which fields are required based on certificate usage.
OPERATION | CERTIFICATE | PRIVATE KEY | CERTIFICATE BUNDLE/CHAIN | ROOT CERTIFICATE |
---|---|---|---|---|
HTTPS | Required | Required | N/A | Ignored |
VPN IPSEC | Required | Required | N/A | Required |
Wi-Fi CLIENT WPA2-ENTERPRISE | Required | Required | N/A | Optional |
When configuring a Wi-Fi Client SSID to use WPA2-Enterprise mode, you can add certificates depending on the selected EAP method (TLS or PEAP) and the requirements of your remote RADIUS server.