Managing the Certificate Authority

Management Server CA Certificate

Print a copy of the Management Server CA certificate to the screen. You can then manually save it to the client. You can use this for client access to the authentication Web page.

Generate a New Certificate

Type a subject common name, organizational unit, password, and certificate lifetime to make a new certificate.

- For MUVPN users, the common name must agree with the user name of the remote user.

- For Firebox® users, the common name must agree with the Firebox identifying information (normally, its IP address).

- For a generic certificate, the common name is the name of the user.

Note

Type the organizational unit only if you make certificates for MUVPN users. Do not use this for other types of VPN tunnels. The unit name must appear in this format:

GW:<vpn gateway name>

where <vpn gateway name> is the value of config.watchguard.id in the configuration file of the gateway Firebox.
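
A pre-submission check of the subject fields against the rules above, as an added example that is not part of the WatchGuard guide. The certificate-type labels ("muvpn", "firebox", "generic"), the function names, and the sample values are assumptions constructed for illustration; the subject is assumed to be a simple comma-separated string with no escaped commas.

```python
def parse_dn(dn):
    """Split a simple 'CN=...,OU=...' subject string into a dict.
    Assumes no escaped commas inside the values."""
    fields = {}
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        fields[key.strip().upper()] = value.strip()
    return fields


def check_subject(cert_type, dn, expected_cn, gateway_id=None):
    """Return a list of problems; an empty list means the subject follows the rules.

    cert_type   -- "muvpn", "firebox" or "generic" (labels assumed for this example)
    expected_cn -- remote user name (muvpn), Firebox identifying information,
                   normally its IP address (firebox), or user name (generic)
    gateway_id  -- value of config.watchguard.id on the gateway Firebox (muvpn only)
    """
    fields = parse_dn(dn)
    cn, ou = fields.get("CN", ""), fields.get("OU")
    problems = []

    if cn != expected_cn:
        problems.append(f"common name {cn!r} does not agree with {expected_cn!r}")

    if cert_type == "muvpn":
        # The organizational unit is required and must read GW:<vpn gateway name>.
        if ou is None or not ou.startswith("GW:") or len(ou) == len("GW:"):
            problems.append("organizational unit must be GW:<vpn gateway name>")
        elif gateway_id is not None and ou[len("GW:"):] != gateway_id:
            problems.append("gateway name does not match config.watchguard.id")
    elif ou is not None:
        # The organizational unit is only for MUVPN certificates.
        problems.append("organizational unit must be empty for this certificate type")

    return problems


if __name__ == "__main__":
    # Constructed sample subjects, not taken from a real deployment.
    samples = [
        ("muvpn", "CN=jsmith,OU=GW:hq-firebox", "jsmith", "hq-firebox"),
        ("muvpn", "CN=jsmith,OU=hq-firebox", "jsmith", "hq-firebox"),
        ("firebox", "CN=203.0.113.10,OU=GW:hq-firebox", "203.0.113.10", None),
    ]
    for cert_type, dn, expected_cn, gw in samples:
        print(cert_type, dn, "->", check_subject(cert_type, dn, expected_cn, gw) or "OK")
```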

Find and Manage Certificates

Give the serial number, common name, or organizational unit of a certificate to find in the database. Instead of searching for one particular certificate, you can also limit the search so that only active, revoked, or expired certificates are found. The results of the search show on the List Certificates page.

List and Manage Certificates

See a list of certificates that are in the database. Select the certificates to publish, revoke, put back, or remove. For information about how to manage certificates, see the section that follows.

Upload Certificate Request

Use this page to sign a certificate request from a different device. Type in the common name and organizational unit of the subject and select browse to find the CSR (Certificate Signing Request) file.

Publish a Certificate Revocation List (CRL)

Make the CA publish the CRL to all clients with current certificates. A Managed Firebox client cannot create a VPN tunnel if it uses a certificate that is on the CRL to authenticate.

Managing certificates with the CA Manager

You use the List and Manage Certificates page to publish, revoke, put back, or remove certificates:

1. From the List and Manage Certificates page, select the serial number of the certificate to change.

The certificate data appears.

2. From the Choose Action drop-down list, select one of the subsequent alternatives and then select GO:

Publish (PEM)

Publishes the certificate in Privacy Enhanced Mail (PEM) format, which uses a protocol for safe Internet e-mail. This lets you save the certificate to a record and upload it to a third-party unit.

Publish (PKC12)

Publishes the certificate in PKCS12 format. Most Web browsers use this format. This lets you save the certificate to a record and upload it to a third-party unit.

User Guide
