WatchGuard Technologies Firebox X Management Server CA Certificate, Generate a New Certificate

Managing the Certificate Authority

Management Server CA Certificate

Print a copy of the Management Server CA certificate to the screen. You can then manually save it to the client. You can use this for client access to the authentication Web page.

Generate a New Certificate

Type a subject common name, organizational unit, password, and certificate lifetime to make a new certificate.

- For MUVPN users, the common name must agree with the user name of the remote user.

- For Firebox® users, the common name must agree with the Firebox identifying information (normally, its IP address).

- For a generic certificate, the common name is the name of the user.

Note

Type the organizational unit only if you make certificates for MUVPN users. Do not use this for other types of VPN tunnels. The unit name must appear in this format:

GW:<vpn gateway name>

where <vpn gateway name> is the value of config.watchguard.id in the configuration file of the gateway Firebox.

Find and Manage Certificates

Give the serial number, common name, or organizational unit of a certificate to find in the database. Alternatively, instead of searching for a specific certificate, you can limit the search so that only active, revoked, or expired certificates are found. The results of the search show on the List Certificates page.

List and Manage Certificates

See a list of certificates that are in the database. Select the certificates to publish, revoke, put back, or remove. For information about how to manage certificates, see the section that follows.

Upload Certificate Request

Use this page to sign a certificate request from a different device. Type in the common name and organizational unit of the subject and select browse to find the CSR (Certificate Signing Request) file.
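The naming rules under Generate a New Certificate also apply to a request made on a different device, so it is worth checking the subject of a CSR before you upload it for signing. The script below is an added example that uses the OpenSSL command-line tool; it is not WatchGuard software, and the user name alice, the gateway id hq-firebox (a stand-in for the value of config.watchguard.id), and the address 203.0.113.10 are constructed sample values.

```shell
#!/bin/sh
# Added example. Constructed values: user "alice", gateway id "hq-firebox"
# (stand-in for config.watchguard.id), Firebox address 203.0.113.10.

# make_csr <key_out> <csr_out> <common_name> [<organizational_unit>]
make_csr() {
    subj="/CN=$3"
    if [ -n "${4:-}" ]; then subj="$subj/OU=$4"; fi
    # -nodes leaves the key unencrypted so the demo is non-interactive.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1" -out "$2" -subj "$subj" 2>/dev/null )
}

# subject_field <csr> <CN|OU>: print that attribute from the CSR subject.
# Simple split on commas; values that contain a comma are not handled.
subject_field() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# check_csr_subject <csr> <expected_cn> [<gateway_id>]
# With a gateway id (MUVPN): OU must be exactly GW:<gateway_id>.
# Without one (Firebox or generic certificate): OU must be absent.
check_csr_subject() {
    cn=$(subject_field "$1" CN)
    ou=$(subject_field "$1" OU)
    if [ "$cn" != "$2" ]; then
        echo "reject: CN '$cn' does not match '$2'" >&2; return 1
    fi
    if [ -n "${3:-}" ] && [ "$ou" != "GW:$3" ]; then
        echo "reject: OU '$ou' is not 'GW:$3'" >&2; return 1
    fi
    if [ -z "${3:-}" ] && [ -n "$ou" ]; then
        echo "reject: OU '$ou' set on a non-MUVPN request" >&2; return 1
    fi
    return 0
}

# Demo: one MUVPN request and one Firebox request.
tmp=$(mktemp -d)
make_csr "$tmp/alice.key" "$tmp/alice.csr" alice "GW:hq-firebox"
make_csr "$tmp/fb.key" "$tmp/fb.csr" 203.0.113.10
check_csr_subject "$tmp/alice.csr" alice hq-firebox && echo "alice.csr ok"
check_csr_subject "$tmp/fb.csr" 203.0.113.10 && echo "fb.csr ok"
rm -rf "$tmp"
```

A request that fails the check is corrected on the requesting device before it is uploaded. The check rejects an organizational unit on a Firebox or generic request as well as a wrong gateway name on an MUVPN request.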

Publish a Certificate Revocation List (CRL)

Make the CA publish the CRL to all clients with current certificates. A Managed Firebox client cannot create a VPN tunnel if it uses a certificate that is on the CRL to authenticate.

Managing certificates with the CA Manager

You use the List and Manage Certificates page to publish, revoke, put back, or remove certificates:

1. From the List and Manage Certificates page, select the serial number of the certificate to change.

The certificate data appears.

2. From the Choose Action drop-down list, select one of the subsequent alternatives and then select GO:

Publish (PEM)

Publishes the certificate in Privacy Enhanced Mail (PEM) format, which uses a protocol for safe Internet e-mail. This lets you save the certificate to a record and upload it to a third-party unit.

Publish (PKC12)

Publishes the certificate in PKCS12 format. Most Web browsers use this format. This lets you save the certificate to a record and upload it to a third-party unit.
