Replacing Certificates of a VPN Gateway
Scenario
When certificates of a VPN gateway of the GM specification expire or become invalid, you need to replace the certificates.
After certificates of a VPN gateway are replaced, the customer gateway must use the corresponding new CA certificate to renegotiate with the VPN gateway. Otherwise, VPN connections will be disconnected.
Procedure
- Log in to the management console.
- Click in the upper left corner and select the desired region and project.
- Click in the upper left corner of the page, and choose .
- In the navigation pane on the left, choose .
- Click the S2C VPN Gateways tab.
- Locate a VPN gateway of the GM specification, and choose in the Operation column.
- Click Replace and set parameters as prompted.
Table 1 describes the parameters for replacing certificates of a VPN gateway.
Table 1 Parameters for replacing certificates of a VPN gateway Parameter
Description
Example Value
Certificate Name
This parameter cannot be modified.
The value must be the same as the original certificate name.
New Signature Certificate
Certificate used for signature authentication to ensure data validity and non-repudiation.
Use a text editor (such as Notepad++) to open the signature certificate file in PEM format, and copy the certificate content to this text box.
Enter both a signature certificate and its issuing CA certificate.
-----BEGIN CERTIFICATE-----
Signature certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CA certificate
-----END CERTIFICATE-----
New Signature Private Key
Private key used to decrypt the data that is encrypted by a signature certificate.
Open the signature private key file in KEY format as a text file, and copy the private key to this text box.
-----BEGIN EC PRIVATE KEY-----
Signature private key
-----END EC PRIVATE KEY-----
New Encryption Certificate
Certificate used to encrypt data transmitted over VPN connections to ensure data confidentiality and integrity. The CA that issues the encryption certificate must be the same as the CA that issues the signature certificate.
Use a text editor (such as Notepad++) to open the encryption certificate file in PEM format, and copy the certificate content to this text box.
-----BEGIN CERTIFICATE-----
Encryption certificate
-----END CERTIFICATE-----
New Encryption Private Key
Private key used to decrypt the data that is encrypted by an encryption certificate.
Use a text editor (such as Notepad++) to open the encryption private key file in KEY format, and copy the private key to this text box.
-----BEGIN EC PRIVATE KEY-----
Encryption private key
-----END EC PRIVATE KEY-----
- Select "I have read and understand the preceding risk, and would like to replace the certificates anyway." and click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot