ProSecure Unified Threat Management (UTM) Appliance

On the UTM, an uploaded digital certificate is checked for validity and for purpose, and is accepted only when it passes the validity test and its purpose matches the use you intend for it: IPSec VPN, SSL VPN, or both. If the defined purpose is both IPSec VPN and SSL VPN, the certificate is placed in both the IPSec VPN certificate repository and the SSL VPN certificate repository; if the defined purpose is IPSec VPN only, it is placed only in the IPSec VPN certificate repository.

The UTM uses digital certificates to authenticate connecting VPN gateways or clients, and to be authenticated by remote entities. A digital certificate that authenticates a server, for example, is a file that contains the following elements:

The server's public key, which clients use to encrypt data for the server (and to verify the server's signatures); only the server holds the matching private key.

Information identifying the operator of the server.

A digital signature from the issuer confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party (a certification authority) whose own identity can be verified.

You can obtain a digital certificate from a well-known commercial certification authority (CA) such as VeriSign or Thawte, or you can generate and sign your own digital certificate. Because a commercial CA takes steps to verify the identity of an applicant, a digital certificate from a commercial CA provides strong assurance of the server's identity. A self-signed certificate triggers a warning from most browsers because no trusted third party has vouched for it: a browser cannot distinguish it from a certificate that an impostor generated for the same server name.

The UTM contains a self-signed certificate from NETGEAR. This certificate can be downloaded from the UTM login screen for browser import. However, NETGEAR recommends that you replace this digital certificate with a digital certificate from a well-known commercial CA before you deploy the UTM in your network.

VPN Certificates Screen

To display the Certificates screen, select VPN > Certificates. Because of the large size of this screen, and because of the way the information is presented, the Certificates screen is divided and presented in this manual in three figures (Figure 253 on page 421, Figure 255 on page 423, and Figure 257 on page 426).

The Certificates screen lets you view the currently loaded digital certificates, upload a new digital certificate, and generate a certificate signing request (CSR). The UTM typically holds two types of digital certificates:

CA certificates. Each CA issues its own digital certificate, which carries the CA's public key. The UTM uses it to validate communication with the CA and to verify the signatures on digital certificates that the CA has issued.

Self certificates. The digital certificates that identify the UTM itself, either issued to you by a CA in response to a certificate signing request or self-signed on the UTM.
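The checks described above (validity, chain to a trusted CA, and purpose) can be reproduced with the OpenSSL command line before you upload anything to the UTM. The script below is an added example, not NETGEAR's code or the UTM's own implementation: it creates a private CA standing in for a commercial CA, generates a key and CSR for the UTM (the same artefact the Certificates screen produces), has the CA sign it with an explicit purpose, and then runs the same three checks against a correctly issued certificate, a certificate issued for the wrong purpose, and a self-signed certificate. The host names, the CA name and the mapping of the SSL VPN use to OpenSSL's sslserver purpose (the serverAuth extended key usage) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not NETGEAR's or the UTM's code). Requires the openssl CLI.
# Assumed names: utm.example.test, "Example Lab Root CA". Assumed mapping:
# SSL VPN use <-> OpenSSL purpose "sslserver" (serverAuth EKU).
set -e
WORK=${WORK:-$(mktemp -d)}
cd "$WORK"

# 1. Private CA; stands in for a commercial CA such as VeriSign or Thawte.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
  -subj "/CN=Example Lab Root CA" -keyout ca.key -out ca.pem 2>/dev/null

# 2. Key and certificate signing request for the UTM (what "generate CSR" yields).
openssl req -new -newkey rsa:2048 -nodes -sha256 \
  -subj "/CN=utm.example.test" -keyout utm.key -out utm.csr 2>/dev/null

# 3. CA signs the CSR. The purpose lives in the extensions the CA adds, not in the CSR.
cat > server.cnf <<'EOF'
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=DNS:utm.example.test
EOF
openssl x509 -req -in utm.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
  -days 365 -sha256 -extfile server.cnf -out utm.pem 2>/dev/null

# 3b. Same CSR signed for client use only: valid chain, wrong purpose for a server.
cat > client.cnf <<'EOF'
basicConstraints=CA:FALSE
keyUsage=digitalSignature
extendedKeyUsage=clientAuth
EOF
openssl x509 -req -in utm.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
  -days 365 -sha256 -extfile client.cnf -out client_only.pem 2>/dev/null

# 3c. Self-signed certificate for the same name: no third party vouches for it.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
  -subj "/CN=utm.example.test" -keyout self.key -out self.pem 2>/dev/null

# check_cert CERT PURPOSE: succeeds only if CERT is within its validity period,
# chains to ca.pem, and its key usage / extended key usage fit PURPOSE
# (sslserver or sslclient). This is the validity-and-purpose test in one call.
check_cert() {
  openssl verify -CAfile ca.pem -purpose "$2" "$1" >/dev/null 2>&1
}

# cert_has_eku CERT TEXT: does the decoded extended key usage mention TEXT?
cert_has_eku() {
  openssl x509 -in "$1" -noout -text | grep -q "$2"
}

# csr_names_subject CSR NAME: confirm the CSR carries the expected subject.
csr_names_subject() {
  openssl req -in "$1" -noout -subject | grep -q "$2"
}

report() {
  if check_cert "$1" "$2"; then echo "$1 accepted for $2"; else echo "$1 rejected for $2"; fi
}
report utm.pem sslserver          # accepted
report utm.pem sslclient          # accepted (clientAuth is also present)
report client_only.pem sslserver  # rejected: purpose mismatch
report self.pem sslserver         # rejected: does not chain to the trusted CA
```

Run it as is and inspect the results; `openssl verify` prints the reason for each rejection when you drop the `>/dev/null 2>&1` in `check_cert` (for example "unsupported certificate purpose" for the client-only certificate and a self-signed-certificate error for self.pem). The certificate that passes, utm.pem, together with ca.pem, is what you would upload to the UTM.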

The Certificates screen contains four tables that are explained in detail in the following sections:

Trusted Certificates (CA Certificate) table. Contains the trusted certificates that were issued by CAs and that you uploaded (see Manage CA Certificates on this page).

Manage Users, Authentication, and VPN Certificates

NETGEAR UTM5EW-100NAS, STM150EW-100NAS manual VPN Certificates Screen, 420