EW50 Industrial LTE Cellular Gateway
3.4.3 Trusted Certificate
Trusted Certificate includes the Trusted CA Certificate List, the Trusted Client Certificate List, and the
Trusted Client Key List. The Trusted CA Certificate List contains the certificates of external CAs that you
trust. The Trusted Client Certificate List contains the certificates of other parties that you trust. The
Trusted Client Key List contains the keys of other parties that you trust.
Self-signed Certificate Usage Scenario
Scenario Application Timing (same as described in "My Certificate" section)
When the enterprise gateway owns the root CA and the VPN tunneling function, it can generate its own
local certificates, signed by itself. It also imports trusted certificates for other CAs and clients.
Two remote peers can use these certificates to confirm each other's identity when establishing a
VPN tunnel.
Scenario Description (same as described in "My Certificate" section)
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. It imports a trusted
certificate (BranchCRT), which is the BranchCSR of Gateway 2 signed by the root CA of Gateway 1.
Gateway 2 creates a CSR (BranchCSR) and has the root CA of Gateway 1 sign it to produce the BranchCRT
certificate. Gateway 2 imports this certificate as a local certificate. It also imports the
root CA certificate of Gateway 1 as a trusted one. (Refer to the "My
Certificate" and "Issue Certificate" sections.)
An IPsec VPN tunnel can be established with IKE and X.509 protocols starting from either peer, so
that all client hosts in both subnets can communicate with each other.
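The trust relationships in this scenario can be rehearsed offline with OpenSSL before anything is imported into a gateway. The script below is an added example, not part of the manual and not the gateway's own procedure: it builds the same root CA, HQCRT and BranchCSR/BranchCRT chain, then checks that a certificate chains to the trusted CA and that it matches the private key it will be imported with. File names, subjects, key size and lifetimes are assumptions, and rogue.crt is a constructed negative case.

```shell
#!/bin/sh
# Lab rehearsal of the scenario with OpenSSL. HQCRT, BranchCSR and BranchCRT are
# the manual's names; file names, subjects and lifetimes are assumptions.
set -e

new_leaf() {    # $1 = work dir, $2 = name prefix, $3 = subject
  openssl req -new -config "$1/ssl.cnf" -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/${2}.key" -out "$1/${2}CSR.pem" 2>/dev/null
  # The root CA of Gateway 1 signs the CSR to produce the certificate
  openssl x509 -req -in "$1/${2}CSR.pem" -CA "$1/rootCA.crt" -CAkey "$1/rootCA.key" \
    -CAcreateserial -sha256 -days 365 -out "$1/${2}CRT.pem" 2>/dev/null
}

build_pki() {   # $1 = empty work dir
  cat > "$1/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Gateway 1: self-signed root CA
  openssl req -x509 -config "$1/ssl.cnf" -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Gateway1 Root CA" -keyout "$1/rootCA.key" -out "$1/rootCA.crt" 2>/dev/null
  new_leaf "$1" HQ "/CN=HQ"           # HQCRT, local certificate of Gateway 1
  new_leaf "$1" Branch "/CN=Branch"   # BranchCSR -> BranchCRT for Gateway 2
  # Constructed negative case: self-signed certificate from a CA nobody imported
  openssl req -x509 -config "$1/ssl.cnf" -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Unknown CA" -keyout "$1/rogue.key" -out "$1/rogue.crt" 2>/dev/null
}

chains_to() {   # $1 = trusted CA certificate, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches() { # $1 = certificate, $2 = private key that should belong to it
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

d=$(mktemp -d); build_pki "$d"
chains_to "$d/rootCA.crt" "$d/BranchCRT.pem" && echo "BranchCRT: issuer trusted"
key_matches "$d/BranchCRT.pem" "$d/Branch.key" && echo "BranchCRT: matches Gateway 2 key"
chains_to "$d/rootCA.crt" "$d/rogue.crt" || echo "rogue.crt: rejected"
```

Only the CSR and the signed certificate move between the gateways in this flow; each private key stays on the side that generated it.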
Parameter Setup Example is the same as described in "My Certificate" section.