Managing the Certificate Authority
authenticates to the Management Server. The CA makes sure that the managed Firebox clients are authenticated and then gives a certificate to each client. The two managed Firebox clients use the certificates to authenticate the VPN tunnel being created between them.
MUVPN and certificates
Because MUVPN clients are not clients of the Management Server, they authenticate to the Firebox. Use the MUVPN Wizard from Policy Manager to contact the CA and create a certificate for the MUVPN client. Policy Manager creates a package that includes this certificate and two other files.
The Firebox administrator gives each MUVPN user a package of files. Together, these files are the MUVPN
The MUVPN user who authenticates with certificates then opens the .wgx file. The root and client certificates contained in the cacert.pem and the .p12 files are automatically loaded.
For more information on MUVPN, see the MUVPN Administrator Guide.
Managing the Certificate Authority
You can control different parameters of the Certificate Authority with the
1 From WatchGuard System Manager, connect to the Management Server.
You must type the configuration passphrase to connect.
1 Select Resources > CA Manager.
or
Click the CA Manager icon on the WatchGuard System Manager toolbar. The icon is shown at left.
The menu of the Certificate Authority Settings pages appears.
2 From the menu, select the correct page:
Certificate Authority CA Certificate
Print a copy of the CA (root) certificate to the screen. You can then manually save it to the client.