A digital certificate is a secure means of authenticating the UTM-1 appliance to other Site-to-Site VPN Gateways. The certificate is issued by the Certificate Authority (CA) to entities such as gateways, users, or computers. The entity then uses the certificate to identify itself and provide verifiable information.
For instance, the certificate includes the entity's Distinguished Name (DN), which is its identifying information, as well as its public key (information about itself). After two entities exchange and validate each other's certificates, they can begin encrypting information between themselves using the public keys in the certificates.
The certificate also includes a fingerprint, a unique text string used to identify the certificate. You can email your certificate's fingerprint to the remote user. Upon connecting to the UTM-1 VPN Server for the first time, the entity should check that the VPN peer's fingerprint displayed in the SecuRemote/SecureClient VPN Client is identical to the fingerprint received.
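The fingerprint comparison described above can also be scripted. The following is an added example, not code from the appliance or its documentation. It assumes the fingerprint is a hex digest (SHA-256 by default) of the certificate's DER encoding, a format this page does not specify; the function names and sample bytes are hypothetical.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM certificate block found")
    # Drop line breaks, then decode strictly so corrupted armor is rejected.
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Hash the DER encoding and format it as colon-separated hex."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(text: str) -> str:
    """Strip separators a mail client may add; refuse non-hex input."""
    cleaned = re.sub(r"[\s:.-]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned

def fingerprint_matches(der: bytes, received: str, algo: str = "sha256") -> bool:
    """Compare the full digest; a truncated or altered value never matches."""
    expected = normalize(fingerprint(der, algo))
    return hmac.compare_digest(expected, normalize(received))

# Constructed placeholder bytes, NOT a real certificate. The fingerprint is a
# hash over the encoded bytes, so this is enough to run the check offline.
SAMPLE_DER = bytes(range(48))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    emailed = fingerprint(der).lower().replace(":", " ")  # as it might arrive by mail
    print(fingerprint(der))
    print("match" if fingerprint_matches(der, emailed) else "MISMATCH: do not connect")
```

The comparison covers the whole digest, so a fingerprint that was cut short in transit is reported as a mismatch rather than accepted on a matching prefix.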
The UTM-1 appliance supports certificates encoded in the PKCS#12 (Personal Information Exchange Syntax Standard) format.