WatchGuard Technologies Firebox X Managing the Certif icate Authority

Managing the Certificate Authority

60 WatchGuard System Manager

authenticates to the Management Server. The CA makes sure that the manag ed Firebox clients are

authenticated and then gives a certificate to each client. The two managed Firebox clients use the certif-

icates to authentica te the VPN tunnel being crea ted between them.

MUVPN and certificat es

Because MUVPN clients are not clients of the Management Server, they authenticate to the Firebox. Use

the MUVPN Wizard from Policy Manager to contact the CA and create a certificate for the MUVPN client.

Policy Manager creates a package that includes this certificate and two other files.

The Firebox administrator gives eac h MUVPN user a package of files. Tog ether, these files are the MUVPN

end-user profile. Users who authenticate with shared keys receive one .wgx file. Users who authenticate

with certificates receive a .wgx file, a .p12 file (which is the client certificate), and a cacert.pem file (which

contains the root certificate).

The MUVPN user who authe nticates with certificates then opens the .wgx file. The root and c lient certif-

icates contained in the cacert.pem and the .p12 files are automatically loaded.

For more information on MUVPN, see the MUVPN Administrator Guide.

Managing the Certif icate Authority

You can control different parameters of the Certificate Authority with the Web-based CA Manager.

1From WatchGuard System M anager, connect to the Manag ement Server.

You must type the configuration passphrase to connect.

1Select Resources > CA Manager.

or

Click the CA Manager icon on the WatchGuard System Manager toolbar. The icon is shown

at left.

The menu of the Certificate Authority Settings pages appears.

2From the menu, select t he correct page:

Certificate Authority CA Certificate

Print a copy of the CA (root) certificate to the screen. You can then manually save it to the client.

Contents

Main ADDRESS: SUPPORT: SALES: ABOUT WATCHGUARD Contents CHAPTER 1 Getting Started CHAPTER 2 Service and Support CHAPTER 3 Monitoring Your Network CHAPTER 4 Setting Up Logging and Notification CHAPTER 5 Reviewing and Working with Log Files CHAPTER 6 Generating Reports of Netw ork Activity CHAPTER 7 Managing Certificates and the Certificate Authority CHAPTER 8 Managing the Firebox X Edge and Firebox SOHO 6 APPENDIX A Copyright and Licensing APPENDIX B W atchGuard File Loc ations About WatchGuard System Manager WatchGuard Manageme nt Server Log Server WebBlocker Server About Hardware and Appliance Software Migration Guide Appliance software Upgrading the appliance software Installation requirements Collecting network infor mation License Keys Network addresses External interface Selecting a firewall confi guration mode Selecting where to install ser ver software Setting up the management station Base Strong Backing up your previous configuration Setting Up Your Management Server Management Server passw ords Master password Admin password Using the Management Server Se tup Wizard 1 After Your Installation Align your security policy Features of the LiveSecurity Ser vice Installation Topics Installing WatchGuard Servers on computers with desktop firewalls WFS appliance software configuratio n modes Routed configuration Drop-in configuration Adding secondary networks t o your configuration Use the Quick Setup Wizard during installation Add the secondary network after the Firebox installation is complete Dynamic IP support on the external interface Entering IP addresses About slash notation Installing the Firebox cable s Page LiveSecurity Service Solutions Threat responses, alerts, and expert advice Easy software updates Access to technical support and training LiveSecurity Service Broadcasts New from WatchGuard Activating the LiveSecurity Service LiveSecurity Service Self Help Tools Basic FAQs Advanced F AQs Known Issues Interactive Support Forum Online Training Learn About Watch Guard Users Forum Using the WatchGuard Users Forum WatchGuard Users Group Online Help Starting WatchGuard Online Help Product Documentation Technical Support LiveSecurity Service Technical Su pport Hours Telephone Number 877.232.3531 in United States and Canada +1.206.613.0456 in all other countries Web Site Training and Certification Page Device VPN Log Connecting to a Firebox Connecting to a Server Seeing Information about Devices Page Mobile user VPN tunnels PPTP user VPN tunnels Connection status No exclamation point Seeing Information on Log Servers Monitoring VPNs About the WatchGuard Toolbar Starting Security Ap plications Configuration Guide Policy Ma nager Firebox Manager Page Setting Up the Log Server Page Changing the Log Server encr yption key Setting Global Logging and Notific ation Preferences Log file size and rollover frequency Setting the interval for log rollover Scheduling log reports Controlling notification Starting and stopping the Log Server Page Files Types of Log Messages Traffic log messages Alarm log messages e. Log File Names and Locations Starting LogViewer Page LogViewer Settings Changing LogViewer settings with F ireware appliance software Changing LogViewer settings with WFS ap pliance software Using LogViewer Creating a Search Rule Searching in LogViewer Highlight in main window Match all Match any New window Consolidating log files 1 2 3 Updating .wgl log files to .xml format Page Page Activity Creating and Editing Reports Starting a new report Editing an existing repor t Deleting a report Viewing the reports list Specifying a Report T ime Interval Specifying Report Sec tions Consolidating Report Se ctions Setting Report Pr operties Exporting Repor ts Using Report Filters Creating a new report filter Editing a report filter Deleting a report filter Applying a report filter Running Reports Report Sections and Consoli dated Sections Report sections Page Consolidated sections Page Certificate Authority Public Key Cryptography and Dig ital Certificates PKI in a WatchGuard VPN MUVPN and certificat es Managing the Certif icate Authority 1 2 Certificate Authority CA Certificate Management Server CA Certificate Managing certificates w ith the CA Manager 1 2 Publish (PEM) Publish (PKC12) Page Firebox SOHO 6 Importing Certi ficates Microsoft Internet Explor er 5.5 and 6.0 1 Netscape Communicator 4.79 Netscape 6 Troubleshooting ideas Managing the Firebox X Edge or SOHO Device 1 2 Select the certificate for this device. Click OK. 3 Click OK. System Status Network Removing Certificates Microsoft Internet Explor er 5.5 and 6.0 Netscape Navigator 4.79 Netscape 6 Page Page Page Page Licenses SSL Licenses This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. OpenSSL License Original SSLeay License Apache Software License, Version 2.0, Januar y 2004 Page PCRE License GNU Lesser General Public License Page Page Page GNU General Public License Page Page Page Sleepycat License Page General File Locations Default File Locations Quick Setup Wizard Firebox System Manager for Fireware Appliance Software Quick Setup Wizard HostWatch for Fireware Appliance Software Policy Manager for Fireware Appliance Software WatchGuard System Manager Policy Manager for WFS Appliance Software Policy Manager for Fireware Appliance Software Firebox System Manager for WFS Appliance Software HostWatch for WFS Appliance Software Flash Disk Management for WFS Appliance Software LogViewer Policy Manager for WFS Appliance Software Management Server WebBlocker Server Log Server User Interface LogViewer Log Server for Fireware Appliance Softwa re Log Server for WFS Appliance Software Historical Reports Log Merge Management Server Setup Wizard Management Server User Interface Historical Reports WatchGuard Certificate Authority Page Index Symbols A C D I K L M N R S T U V ADDRESS: SUPPORT: SALES: ABOUT WATCHGUARD