
System Configuration 4-9
4.3 Managing Certificate Authority (CA) Certificates
Certificate management includes the following sections:
• Importing a CA Certificate
• Creating Self Certificates for Accessing the VPN
4.3.1 Importing a CA Certificate
A certificate authority (CA) is a network authority that issues and manages security credentials and 
public keys for message encryption. The CA signs all digital certificates that it issues with its own 
private key. The corresponding public key is contained within a certificate called a CA 
certificate. A browser must contain this CA certificate in its Trusted Root Library so that it can trust 
certificates “signed” by the CA's private key.
Depending on the public key infrastructure, the digital certificate includes the owner's public key, the 
certificate expiration date, the owner's name and other public key owner information.
The AP-5131 can import and maintain a set of CA certificates to use as an authentication option for 
Virtual Private Network (VPN) access. To use the certificate for a VPN tunnel, define a tunnel and 
select the IKE settings to use either RSA or DES certificates. For additional information on configuring 
VPN tunnels, see Configuring VPN Tunnels on page 6-34. 
Refer to your AP-5131 network administrator to obtain a CA certificate to import into the AP-5131.
To import a CA certificate:
1. Select System Configuration -> Certificate Mgmt -> CA Certificates from the AP-5131 
menu tree.
CAUTION: Loaded and signed CA certificates will be lost when changing the 
AP-5131’s firmware version using either the GUI or CLI. After a 
certificate has been successfully loaded, export it to a secure location 
to ensure its availability after a firmware update.
NOTE: Verify the AP-5131 device time is synchronized with an NTP server before 
importing a certificate to avoid issues with conflicting date/time stamps. 
For more information, see Configuring Network Time Protocol (NTP) on 
page 4-32.
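The NOTE above ties a clean import to the device clock, and this section describes what makes a certificate a CA certificate. The following is an added example (not from the AP-5131 manual) that checks both on a workstation with the OpenSSL CLI before the file is imported. It assumes a PEM-encoded, self-signed root CA file; the function names and the constructed sample certificate are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import checks for a PEM CA certificate, run with the
# OpenSSL CLI on an admin workstation (function names are hypothetical).

# Succeeds only if the certificate asserts basicConstraints CA:TRUE.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Succeeds only if self-signed CA certificate $1 is inside its validity
# window at Unix time $2 (the time the device clock currently reports).
cert_valid_at() {
    openssl verify -attime "$2" -CAfile "$1" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint to compare out of band with the issuing administrator.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Returns 0 if the file passes both checks, 1 if it is not a CA certificate,
# 2 if the device time falls outside notBefore..notAfter.
preimport_check() {
    cert_is_ca "$1" || { echo "REJECT: not a CA certificate"; return 1; }
    cert_valid_at "$1" "$2" || { echo "REJECT: not valid at device time $2"; return 2; }
    echo "OK sha256=$(cert_fingerprint "$1")"
}

# Constructed sample input: writes a throwaway 30-day self-signed certificate
# to $1/cert-$2.pem, where $2 (TRUE or FALSE) sets the CA flag.
make_sample_cert() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed Example $2
[ext]
basicConstraints = critical,CA:$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/key-$2.pem" -out "$1/cert-$2.pem" 2>/dev/null
}
```

Call preimport_check with the certificate file and the AP-5131's current time converted to Unix seconds; a device clock that has fallen back to a default date shows up as return code 2.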