Managing the Certificate Authority

authenticates to the Management Server. The CA makes sure that the managed Firebox clients are authenticated and then gives a certificate to each client. The two managed Firebox clients use the certificates to authenticate the VPN tunnel being created between them.

MUVPN and certificates

Because MUVPN clients are not clients of the Management Server, they authenticate to the Firebox. Use the MUVPN Wizard from Policy Manager to contact the CA and create a certificate for the MUVPN client. Policy Manager creates a package that includes this certificate and two other files.

The Firebox administrator gives each MUVPN user a package of files. Together, these files are the MUVPN end-user profile. Users who authenticate with shared keys receive one .wgx file. Users who authenticate with certificates receive a .wgx file, a .p12 file (which is the client certificate), and a cacert.pem file (which contains the root certificate).

The MUVPN user who authenticates with certificates then opens the .wgx file. The root and client certificates contained in the cacert.pem and the .p12 files are automatically loaded.

For more information on MUVPN, see the MUVPN Administrator Guide.
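
A check for the certificate-based profile described above, as an added example that is not WatchGuard tooling: it uses the OpenSSL command line to confirm that the client certificate in the .p12 file chains to the root certificate in cacert.pem. The function names, the passphrase file and the demo CA it builds are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: confirm that the client certificate in a MUVPN .p12 file
# chains to the root certificate in cacert.pem. Function names, the
# passphrase file and the demo CA below are assumptions for illustration.

# verify_profile P12 CACERT PASSFILE
# Returns 0 if the chain verifies, 1 if it does not, 2 if the .p12 is unreadable.
verify_profile() {
  vp_tmp=$(mktemp) || return 2
  # Extract only the client certificate; the private key stays in the .p12.
  if ! openssl pkcs12 -in "$1" -clcerts -nokeys \
         -passin "file:$3" -out "$vp_tmp" 2>/dev/null; then
    rm -f "$vp_tmp"; return 2
  fi
  if openssl verify -CAfile "$2" "$vp_tmp" >/dev/null 2>&1; then vp_rc=0; else vp_rc=1; fi
  rm -f "$vp_tmp"
  return "$vp_rc"
}

# make_demo_profile DIR
# Builds constructed sample data: a demo root (cacert.pem), a client .p12
# issued by it, and an unrelated root (other.pem) for the negative case.
make_demo_profile() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
    -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/user.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/user.pem" 2>/dev/null &&
  printf 'constructed-passphrase\n' > "$d/pass.txt" &&
  openssl pkcs12 -export -inkey "$d/user.key" -in "$d/user.pem" \
    -passout "file:$d/pass.txt" -out "$d/user.p12" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other Root" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# Stand-alone use: sh check_profile.sh user.p12 cacert.pem pass.txt
if [ "$#" -eq 3 ]; then
  if verify_profile "$1" "$2" "$3"; then echo "chain OK"; else echo "chain NOT verified"; exit 1; fi
fi
```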

Managing the Certificate Authority

You can control different parameters of the Certificate Authority with the Web-based CA Manager.

1 From WatchGuard System Manager, connect to the Management Server.

You must type the configuration passphrase to connect.

2 Select Resources > CA Manager.

or

Click the CA Manager icon on the WatchGuard System Manager toolbar. The icon is shown at left.

The menu of the Certificate Authority Settings pages appears.

3 From the menu, select the correct page:

Certificate Authority CA Certificate

Print a copy of the CA (root) certificate to the screen. You can then manually save it to the client.
