Using an External Certificate for SNX
First I downloaded the Thawte Premium SVR CA root certificate from the THAWTE web site. You can also export this from your local browser.
I then imported it as a new CA OPSEC object.
I then went to the Firewall object for the VPN and added another CERT
CN=vpn.nsssolution.com, C=US, O=NSS, OU=NSS, St=Massachusetts, L=Somewhere in MA
Note that the O= must represent the Organizational name as registered with the 3rd Party registration.
Note that the St= uses a small t as part of the syntax
Note that the L= must also be registered as part of the 3rd party vender.
You must also be careful when copying the CSR to the 3rd Party by first copying to a text editor and deleting the alternate blank lines.
(At least with Thawte that was the case)
With Thawte I did not use the PKSCS #7 output format and saved it as a CER file that I then pointed to when “Completing” the CERT install process.