Hello team
Question: I have to start building VPNs no longer with a pre-shared key password but with digital certificates. The question is, how do I request this from the provider? I mean, what technical words should I use so they understand which certificate is the one I need.
Regards
Just set up your own internal CA. Use Windows; lots of guides out there, just Google/YouTube.
If by chance you've got a FortiAuthenticator you can use it as a CA too.
A bog-standard certificate for HTTPS servers should be sufficient in most cases.
With that said, as already advised, I would expect some coordination with the peer, as they will likely want your tunnel locked down to a specific CA (and vice-versa on YOUR side). If that tunnel is just for them, why don’t they give you the certificate to be used?
I’d use an internal CA for that.
Guys, but I need to buy one because the peer is the government, so... yes, it cannot be local.
I have a site-to-site VPN created with the peer, but the VPN is down now because on my side the certificate expired, while on the peer's side (government) it is active and not expired. So I am talking with the service provider, who told me last time it was a public digital certificate, but they don't know what kind of certificate it is... An SSL certificate it is not, because it is for IPsec and not for an SSL VPN.
You're better off discussing that with your peer as to what your arrangement will be.
Quite likely that govt entity has their own CA, so just ask them for a:
- a copy of the CA cert – trust this CA in your FG
- have them create a certificate for you (cert + private key) – install this in FG and define it in your S2S VPN settings
You do not need to own the CA
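As an added illustration (not posted by anyone in this thread), this is what the phase1 change from pre-shared key to certificate authentication looks like in FortiOS CLI once the peer's CA cert and your own signed cert + key have been imported. All names are placeholders I assumed: certificates "gov-root-ca" and "fg-gov-cert", peer object "gov-peer", tunnel "to-gov", interface "wan1", gateway 203.0.113.10 and CN "vpn.example.gov"; the "#" lines are explanatory annotations, not CLI.

```text
# Before: phase1 authenticated with a pre-shared key
config vpn ipsec phase1-interface
    edit "to-gov"
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.10
        set authmethod psk
        set psksecret <redacted>
    next
end

# After: trust only the peer's CA, pin the peer's certificate identity,
# then switch phase1 to signature (certificate) authentication.
# Assumes the government CA cert was imported as "gov-root-ca" and your
# signed certificate with its private key as "fg-gov-cert".
config user peer
    edit "gov-peer"
        set ca "gov-root-ca"
        set cn "vpn.example.gov"
        set cn-type fqdn
    next
end
config vpn ipsec phase1-interface
    edit "to-gov"
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.10
        set authmethod signature
        set certificate "fg-gov-cert"
        set peertype peer
        set peer "gov-peer"
    next
end
```

The "set cn" pin is optional but stops any other certificate issued by that CA from bringing up the tunnel; use the subject CN the peer actually tells you, and track your own certificate's expiry since an expired local cert fails phase1 exactly as described above.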