EW50 Industrial LTE Cellular Gateway
3.4.2 My Certificate
My Certificate includes a Local Certificate List. The Local Certificate List shows all certificates generated by
the root CA for the gateway. It also stores the generated Certificate Signing Requests (CSRs), which will be
signed by other external CAs. The signed certificates can then be imported as local certificates of the gateway.
Self-signed Certificate Usage Scenario
Scenario Application Timing
When the enterprise gateway owns the root CA and the VPN tunneling function, it can generate its own
local certificates, signed by its own root CA, or import local certificates that are signed by other
external CAs. It can also import trusted certificates for other CAs and clients. In addition, because it has
the root CA, it can also sign Certificate Signing Requests (CSRs) to form the corresponding certificates for
others. Two remote peers can use these certificates to verify each other's identity when
establishing a VPN tunnel.
Scenario Description
Gateway 1 generates the root CA and a local certificate (HQCRT) signed by itself. It imports a trusted
certificate (BranchCRT), which is the BranchCSR of Gateway 2 signed by the root CA of Gateway 1.
Gateway 2 creates a CSR (BranchCSR) and has the root CA of Gateway 1 sign it to produce the
BranchCRT certificate. It imports that certificate into Gateway 2 as a local certificate. In addition,
it also imports the certificate of the root CA of Gateway 1 into Gateway 2 as a trusted one.
(Refer to the following two sub-sections.)
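The trust relationships in this scenario can be reproduced off-device with OpenSSL. The script below is an added example, not part of the vendor manual and not the gateway's own procedure (which uses the web UI). Apart from HQCRT, BranchCSR and BranchCRT, all file names and subject names are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added illustration (not vendor code): the scenario's trust relationships,
# rebuilt with OpenSSL on a workstation. Subject and file names are constructed.

# build_pki DIR: create Gateway 1's root CA, HQCRT, BranchCSR and BranchCRT in DIR.
build_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Gateway 1: self-signed root CA.
    openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Gateway1 Root CA" -keyout rootca.key -out rootca.crt 2>/dev/null &&
    # Gateway 1: local certificate HQCRT, signed by its own root CA.
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=HQ" -keyout HQ.key -out HQCSR.pem 2>/dev/null &&
    openssl x509 -req -in HQCSR.pem -CA rootca.crt -CAkey rootca.key \
        -CAcreateserial -days 365 -out HQCRT.pem 2>/dev/null &&
    # Gateway 2: the private key stays on Gateway 2; only BranchCSR leaves it.
    openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=Branch" -keyout Branch.key -out BranchCSR.pem 2>/dev/null &&
    # Gateway 1's root CA signs BranchCSR, producing BranchCRT.
    openssl x509 -req -in BranchCSR.pem -CA rootca.crt -CAkey rootca.key \
        -CAcreateserial -days 365 -out BranchCRT.pem 2>/dev/null &&
    # An unrelated self-signed certificate with the same CN, for the negative check.
    openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Branch" -keyout other.key -out other.crt 2>/dev/null
)

# peer_trusted DIR CERT: succeed only if CERT chains to Gateway 1's root CA.
peer_trusted() {
    openssl verify -CAfile "$1/rootca.crt" "$1/$2" >/dev/null 2>&1
}

# issuer_of DIR CERT: print the issuer name of CERT.
issuer_of() {
    openssl x509 -in "$1/$2" -noout -issuer -nameopt RFC2253
}
```

After `build_pki /tmp/pki`, `peer_trusted /tmp/pki BranchCRT.pem` succeeds while `peer_trusted /tmp/pki other.crt` fails even though both certificates carry the same subject name: each peer accepts the other because of the root CA signature, not the name in the certificate.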
An IPsec VPN tunnel is established with IKE and X.509 protocols by starting from either peer, so that