Use a Unique Self-Signed Certificate on the Router

Vigor Router allows the administrator to create and sign a custom certificate for SSL VPN and HTTPS connections. Due to security concerns, it is strongly recommended to have a unique private key on each device for self-signed SSL. This article shows how to generate a customized self-signed certificate then replace the default one on Vigor Router

Create Root CA

1. Make sure the router's time settings are correct. We strongly recommend using the time settings that match the client side.
2. Go to Certificate Management >> Trusted CA Certificate, and click Create Root CA.
3. Enter the identity of your organization in the subjects of Root CA, like the example below, and click Generate.
4. The Root CA will be shown with status "OK". (NOTE: A router can only have one Root CA. To create a new Root CA, you’ll have to delete the old one first.)

Sign a Local Certificate with Root CA

5. Go to Certificate Management >> Local Certificate, and generate a certificate request.
6. Again, enter the identity of your organization for subjects, and click Generate.
7. There will be a new local certificate request on the list with status Requesting. Click Sign to sign the local certificate.
8. Set the date of Validity, and click Sign.
9. The local certificate status will change to "OK".

Replace the Default Certificate

11. Go to Certificate Management >> Local Services List, and select the new certificate created in step 6 for Default Certificate.
12. From the browser, we should see the certificate has changed to the one we set. Now the router is using a customized self-signed certificate.

Import Root CA on the PC

If the VPN Client requires server certificate authentication, please remember to import the router's Root CA on the PC.

13. Go to Certificate Management >> Trusted CA Certificate. Export the certificate.
14. Open this certificate and install it on the PC.