Hi,
Setting up a certificate based site-to-site VPN.
I have -
- Created the key-pair.
- Generated a CSR.
- Had the CSR signed by our Windows CA.
- Uploaded the signed certificate to the firewall as a local certificate.
- Uploaded the intermediate CA certificate under one ca-profile.
- Uploaded the root CA certificate under a different ca-profile.
- Uploaded the CA certificate for the external site.
I am having IKE v1 authentication errors.
In the logs I can see " IP; No public key found".
Is there a step I have missed? I noticed on the SRX you cannot upload a certificate chain, so I had to upload the intermediate and root certificates under seperate ca-profiles, do I need to "link" these somehow?
Thanks.