SonicWALL VPN Page 217
Overview of Third Party Digital Certificate Support

X.509 Version 3 Certificate Standard

The X.509 v3 certificate standard is a specification to be used with cryptographic certificates and allows
you to define extensions which you can include with your certificate. SonicWALL has implemented
this standard in its third party certificate support. You can use a certificate signed and verified by a
third party CA to use with a VPN SA.
A typical certificate consists of two sections: a data section and a signature section. The data section
typically contains information such as the version of X.509 supported by the certificate, a certificate
serial number, information about the user’s public key, the Distinguished Name (DN), the
validation period for the certificate, and optional information such as the target use of the certificate.
The signature section includes the cryptographic algorithm used by the issuing CA, and the CA digital
signature.
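
The two-section layout described above is visible directly in the DER encoding of a certificate. The following is an added example, not SonicWALL code: it splits a DER certificate into the data section (the bytes the CA signs), the signature algorithm OID, and the signature. The function names and the constructed sample input are assumptions made for illustration.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted form."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends one base-128 arc
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)           # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def split_certificate(der):
    """Return the signed data section, signature algorithm OID and signature bytes."""
    tag, cert, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("input is not exactly one DER SEQUENCE")
    t_data, _, p1 = read_tlv(cert)          # data section: version, serial, DN, validity, key
    t_alg, alg, p2 = read_tlv(cert, p1)     # algorithm the issuing CA signed with
    t_sig, sig, p3 = read_tlv(cert, p2)     # BIT STRING holding the CA's digital signature
    if (t_data, t_alg, t_sig) != (0x30, 0x30, 0x03) or p3 != len(cert) or not sig:
        raise ValueError("unexpected Certificate layout")
    oid_tag, oid, _ = read_tlv(alg)
    if oid_tag != 0x06 or not oid or oid[-1] & 0x80:
        raise ValueError("signature algorithm is not a well-formed OID")
    return {"data": cert[:p1], "algorithm": decode_oid(oid), "signature": sig[1:]}

def tlv(tag, body):  # minimal DER encoder, used only to build the constructed sample
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body
# Constructed toy input (serial number only, dummy signature); not a real certificate.
SAMPLE_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
SAMPLE = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01\x23")) + SAMPLE_ALG + tlv(0x03, b"\x00" + b"\xaa" * 256))
```

The OID in the constructed sample, 1.2.840.113549.1.1.11, is sha256WithRSAEncryption. The parser accepts a single DER certificate only, so a PKCS#7 file has to be unwrapped before its certificates can be split this way.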
To implement the use of certificates for VPN SAs, you must locate a source for a valid CA certificate
from a third party CA service. Once you have a valid CA certificate, you can import it into the
SonicWALL to validate your Local Certificates.

Importing CA Certificates into the SonicWALL

After your CA service has validated your CA Certificate, you can import it into the SonicWALL and use
it to validate Local Certificates for VPN Security Associations. To import your CA Certificate into the
SonicWALL, use the following steps:
1. Click VPN, then CA Certificates.
2. Click Browse, and locate the PKCS#7 or DER encoded file sent by the CA service.
3. Click Open to set the directory path to the certificate, and then click Import to import the
certificate into the SonicWALL. Once it is imported, you can view the Certificate Details.

Certificate Details

The Certificate Details section lists the following information:
Certificate Authority
Subject Distinguished Name
Certificate Issuer
Certificate Serial Number
Expiration Date
No CRL loaded/CRL Expires on
The Certificate Issuer, Certificate Serial Number, and the Expiration Date are generated by the CA
service. The information is used when a Generate Certificate Signing Request is created and sent
to your CA service for validation.
To delete the certificate, click Delete This Certificate. You can delete a certificate if it has expired or
if you decide not to use Third Party Certificates for VPN authentication. Click Export This CA
Certificate to export the file to your hard drive or a floppy disk.