SonicWALL Internet Security Appliances Importing Certificate with private key, Certificate Details, Certificate Revocation List (CRL )

Page 218 SonicWALL Internet Security Appliance Administrator’s Guide

Importing Certificate with private key

After a certificate is signed by the CA and returned to you, you can import the certificate into the

SonicWALL to be used as a Local Certificate for a VPN Security Association. Use the following steps

to import the certificate into the SonicWALL:

1. In the Import Certificate with private key section of Local Certificates, enter the Certificate

Name.

2. Enter the Certificate Manage ment Pa sswo rd. This passw ord was crea ted when you exported

your signed ce rtificate.

3. Use Browse to locate the certificate file.

4. Click Import, and the certificate appears in the list of Current Certificates.

5. To view details about the certificate, s elect it from the list of Current Certificates.

Certificate Details

Both Certificate Requests and validated Certificates appear in the list of Current Certificates. The

Certificate Details section lists the same information as the CA Certificate Details section, but a

Status entry now appears in the details. If a certificate is valid and ready to be used with a VPN

Security Association, the Status is Verified. If the certificate is not signed by the CA, the Status is

Request Generated. You can also import the corresponding Signed Certifica te in this section.

Additionally, Certificate Signing Requests can be exported and deleted in the Certificate Details

section of a Request Generated certificate.

Certificate Revocation List (CRL )

A Certificate Revo cation List (CRL) is a way to check the validity of an existing certificate. A certific ate

may be invalid for several reasons:

• It i s no longer needed.

• A certificate was stolen or compromised.

• A new certificate was issued that takes precedence over the old certificate.

If a certificate is invali d, th e CA may pub lish the c erti ficat e on a Cert ificate Revocation List at a given

interval, or on an online server in a X.509 v3 database using Online Certificate Status Protocol

(OCSP). Consult you r CA provider for specific d etails on locating a CRL fil e or URL.

Tip The SonicWALL supports obtaining the CRL via HTTP or manually downloading the list.

You can import the CRL by locating the URL and then importing it into the SonicWALL. Certificates

are checked against the CRL by the Soni cWALL for validity when they are used.

You can also enter a URL location of the CRL by enterin g the address in the Enter CRL’s location for

this CA (URL) field. The CRL is downloaded automatic all y at inte rval s determi ned by the CA servic e.