Certificates for Mobile VPN with IKEv2 Tunnel Authentication

When a Mobile VPN with IKEv2 tunnel is created, the identity of each endpoint must be verified with a certificate. Firebox certificates and third-party certificates are supported.

Certificates for Mobile VPN with IKEv2 authentication have these requirements:

• The server certificate must have the server host name (DNS=<server FQDN>) or server IP address (IP=<server IP address>) as part of the subjectAltName.
• The certificate must include the Extended Key Usage (EKU) flags "serverAuth" and "IP Security IKE Intermediate” (OID 1.3.6.1.5.5.8.2.2).

If you run the setup wizard for Mobile VPN with IKEv2, the Firebox certificate type is automatically specified for your Mobile VPN with IKEv2 configuration.

To edit the Mobile VPN with IKEv2 certificate, see Edit the Mobile VPN with IKEv2 Configuration.

See Also

Mobile VPN with IKEv2

Use the WatchGuard IKEv2 Setup Wizard

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.