Options
Certificates for mobile VPN
Hi,
I need to create certificates for some mobile VPN users. Can I use Watchguard CA Manager or should I go with other options, like OpenSSL or Easy-RSA? Are there any advantages or disadvantages of using CA Manager? Any suggestions when creating the users certificates?
Thanks...
0
Sign In to comment.
Comments
The WG CA manager is just using OpenSSL in the background -- it just presents a nice(r) UI to do it VIA.
If you're familiar with OpenSSL and already have it set up, it's fine to use that, otherwise use the CA manager, as it'll ensure that all of the appropriate info is in the cert.
See:
(IKEv2)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/authentication_mvpn_ikev2.html
(IPSec)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/authentication_muvpn_web.html
Using the CA manager will ensure that any key use flags are properly set. If you use OpenSSL, you must tell OpenSSL to do that yourself.
-James Carson
WatchGuard Customer Support
Thanks for the links. I found more details on how to use the CA Manager,
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/cert_mgr_use_webbased_wsm.html