Thursday, June 14, 2012

How to Install a public CA to Mobile Access / Connectra

1. Generate the CSR
-------------------------------
Run "csr_gen <filename>" and follow the instructions.
!NOTE! If the files <filename>.csr and <filename>.key already exist, they are overwritten without warning!
Output:
-> <filename>.key (keyfile)
This is the private key. You are asked whether you want to protect this file with a passphrase - please do so. Protect this file and keep it secure.
You need this file and the passphrase later to install the certificate.
-> <filename>.csr
This is the certificate signing request that you have to send to your CA.
You will receive the signed certificate from your CA (certfile).

2. Convert certfile to PEM-Format
-----------------------------------------------------------
If the file you receive from your CA is in p12 or pfx format, convert it into PEM format (sk30997):
$CVPNDIR/bin/p12ToPem <input-filename(.p12 /
e.g. $CVPNDIR/bin/p12ToPem cert.pfx
If the file you receive from your CA is in p7b, spc or PKCS#7 format, convert it into PEM format:
$CVPNDIR/bin/p7bToPem <filename (.p7b, .spc, ...)> <output filename (.crt)>
e.g. $CVPNDIR/bin/p7bToPem cert.p7b cert.crt
Output:
-> certfile in PEM format: <filename>.crt

3. Install the generated certificate:
--------------------------------------------------
Use this command to install the previously generated certificate:
$CVPNDIR/bin/InstallCert <certfile> <keyfile> '<passphrase>'

4. Restart Daemon
----------------------------
Run "cvpnrestart" on the Gateway

Repeat steps 3 and 4 on each cluster member.
Finally, reinstall the policy on the cluster.
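
A pre-flight check that can be run between steps 2 and 3, as an added example that is not part of the original post or of Check Point's tooling: it confirms that the certfile is PEM, that it carries the public key belonging to the keyfile from step 1, and that it has not expired. It assumes a standard "openssl" binary (1.0 or later) is on the PATH and that the passphrase is supplied in a KEY_PASS environment variable; the function name and return codes are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check for the <certfile>/<keyfile> pair from steps 1-2.
# Assumption: the key passphrase is supplied in the KEY_PASS environment variable.

# Returns 0 if the pair is ready to install, otherwise:
#   2 = certfile is not PEM, 3 = a file could not be read (bad format or
#   wrong passphrase), 4 = certificate and key do not match, 5 = expired.
check_cert_key() {
    cck_cert=$1
    cck_key=$2
    : "${KEY_PASS:=}"; export KEY_PASS   # empty is fine for an unencrypted key

    # Step 2 must have produced PEM; a leftover DER/p7b/pfx file fails here.
    if ! grep -q 'BEGIN CERTIFICATE' "$cck_cert" 2>/dev/null; then
        echo "certfile is not PEM: $cck_cert" >&2
        return 2
    fi

    # Public key as embedded in the certificate, and as derived from the private key.
    cck_cert_pub=$(openssl x509 -in "$cck_cert" -noout -pubkey 2>/dev/null) || return 3
    cck_key_pub=$(openssl pkey -in "$cck_key" -passin env:KEY_PASS -pubout 2>/dev/null) || return 3

    # The CA signed the public key from the CSR; if it differs from this
    # key, the certificate belongs to a different csr_gen run.
    if [ -z "$cck_cert_pub" ] || [ "$cck_cert_pub" != "$cck_key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 4
    fi

    # -checkend 0 fails when the notAfter date has already passed.
    openssl x509 -in "$cck_cert" -noout -checkend 0 >/dev/null 2>&1 || return 5
    return 0
}

# Stand-alone use: sh check_cert_key.sh <certfile> <keyfile>
if [ "$#" -eq 2 ]; then
    check_cert_key "$1" "$2" && echo "OK: certificate matches key and has not expired"
fi
```

Exporting KEY_PASS in the current shell session keeps the passphrase out of the argument list of the check itself.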