Concept Guide

Table Of Contents
crypto-local isakmp server-certificate
crypto-local isakmp server-certificate <cert-name>
Description
This command assigns the server certificate used to authenticate the controller for VPN clients using IKEv1 or
IKEv2
Syntax
Parameter Description
server-certificate
User-defined name of a server certificate installed in the controller. Use the
show crypto-local pki ServerCert command to display the server
certificates that have been imported into the controller.
Usage Guidelines
This certificate is only for VPN clients and not for site-to-site VPN clients. You can assign separate server
certificate for use with VPN clients using IKEv1 and clients using IKEv2. Use the show crypto-local isakmp
server-certificate command to view the server certificate associated with VPN clients. You must import and
configure server certificates separately on master and local controllers.
There is a default server certificate installed in the controller, however this certificate does not guarantee security for
production networks. Best practices is to replace the default certificate with a custom certificate issued for your site
or domain by a trusted CA. You can use the WebUI to generate a Certificate Signing Request (CSR) to submit to a CA
and then import the signed certificate received from the CA into the controller. For more information, see “Managing
Certificates” in the Dell Networking W-Series ArubaOS User Guide.
Example
This command configures a server certificate:
crypto-local isakmp server-certificate MyServerCert
Command History
This command was introduced in ArubaOS 3.2.
Command Information
Platforms Licensing Command Mode
All platforms Base operating system Config mode on master and local
controllers
Dell Networking W-Series ArubaOS 6.5.x | Reference Guide crypto-local isakmp server-certificate | 331