54.3. Certificate for the Intra2net System

  1. The Lancom router requires a special configuration of the Intra2net system certificate. Since version 8 of the LCOS firmware, self-signed keys have not been accepted, only certificates signed by an independent CA. The following shows how such a key can be generated and signed on the Intra2net system.

  2. Firstly, the certificate must be created for the CA: In the Intra2net system, open System > Keys > Own Keys : Data. Click on the menu item "New" to start key creation. The certificate is only used to sign the actual encryption certificates, so we call it server-ca (to be entered in the Name and Host name (CN) fields).

  3. This CA certificate must now be given to the Lancom router. To do this, export it from the Intra2net system using the as .pem option. Then in LANconfig, open the context menu Configuration Administration of the relevant device. Select the option "Upload certificate or file".

    Select the .pem file just created and upload it as the certificate type VPN - Add additional CA certificates.

  4. Now return to the Intra2net system under System > Keys > Own Keys : Data. Create another key as the foundation for the VPN certificate. Please note that the value in the Computer Name (CN) field (i.e. the "Common Name" of an SSL certificate) is later entered into the Lancom router exactly, without tolerance for deviations. Therefore, make sure that you do not make any typos at this point!

  5. Now go to the System > Keys > Own Keys : CA menu on the Intra2net system and select the recently created VPN key. In the Sign keys with other key section , select the CA key created in the previous steps (server-ca) and then click Sign.

    Now check the value Issuer/CA under System > Keys > Own Keys : Data. The data specified when the CA certificate was created should be summarized in this field. (If you follow the above example, this field contains the string CN=server-ca. The key can now be used to establish a VPN connection.