You can use certificates for:
- Mobile VPN with IKEv2 tunnel authentication
- Mobile VPN with IPSec tunnel authentication
- Mobile VPN with L2TP tunnel authentication
- BOVPN tunnel authentication
- BOVPN virtual interface tunnel authentication
- Web Server Certificate for Firebox Authentication — The web server certificate is the certificate that the Firebox uses to secure HTTPS connections for management sessions, WebBlocker overrides, and other purposes.
Third-party or self-signed certificates cannot be used for Mobile VPN authentication.
If you use a certificate for authentication, it is important to track when the certificates expire. This helps to avoid disruptions in critical services such as VPN.
When you perform any of these procedures, we recommend that you Connect to a Device with WatchGuard System Manager so Policy Manager can download the list of currently installed certificates. If you save changes from a local configuration file and the new settings do not match the certificates on the Firebox, your Firebox may not operate correctly.