security vpn ipsec site-to-site peer <peer> authentication x509 ca-cert-file <file-name>
Specifies the name of an X.509 Certificate Authority (CA) certificate file for IPsec authentication of the VPN peer.
- peer
- Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
- file-name
- The certificate file name. This parameter is mandatory if authentication mode is x509.
Configuration mode
security {
vpn {
ipsec {
site-to-site {
peer peer {
authentication {
x509 {
ca-cert-file file-name
}
}
}
}
}
}
}
Use this command to specify the name of an X.509 Certificate Authority (CA) certificate file. The X.509 CA certificate is used for IPsec authentication for the VPN peer.
Certificate and key files are assumed to be in /config/auth unless an absolute path is specified.
Use the set form of this command to specify the name of the CA certificate file.
Use the delete form of this command to remove the name of the CA certificate file.
Use the show form of this command to display CA certificate file configuration.