After you generate a Certificate Signing Request (CSR) and obtain the CA-signed certificate based on that CSR, you can import the CA-signed certificate to use it by your edge gateway.


Verify that you obtained the CA-signed certificate that corresponds to the CSR. If the private key in the CA-signed certificate does not match the one for the selected CSR, the import process fails.


  1. Open Edge Gateway Services.
    1. In the top navigation bar, click Networking and click Edge Gateways.
    2. Select the edge gateway that you want to edit and click Services.
  2. Click the Certificates tab.
  3. Select the CSR in the on-screen table for which you are importing the CA-signed certificate.
  4. Import the signed certificate.
    1. Click Signed certificate generated for CSR.
    2. Provide the PEM data of the CA-signed certificate.
      • If the data is in a PEM file on a system you can navigate to, click the Upload button to browse to the file and select it.
      • If you can copy and paste the PEM data, paste it into the Signed Certificate (PEM format) field.

        Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

    3. (Optional) Type a description.
    4. Click Keep.
      Note: If the private key in the CA-signed certificate does not match the one for the CSR you selected on the Certificates screen, the import process fails.


The CA-signed certificate with type Service Certificate appears in the on-screen list.

What to do next

Attach the CA-signed certificate to your SSL VPN-Plus or IPsec VPN tunnels as required. See Configure SSL VPN Server Settings and Specify Global IPsec VPN Settings.