WatchGuard Technologies SSL VPN manual Installing Multiple Root Certificates

Models: SSL VPN


Overview of the Certificate Signing Request

The root certificate that is installed on the Firebox SSL VPN Gateway has to be in PEM format. On Windows, the file extension .cer is sometimes used to indicate that the root certificate is in PEM format.

If you are validating certificates on internal connections, the Firebox SSL VPN Gateway must have a root certificate installed.

To install a root certificate on the Firebox SSL VPN Gateway

1. On the Firebox SSL VPN Gateway Cluster tab, open the window for an appliance.

2. On the Administration tab, next to Manage trusted root certificates, click Manage.

3. On the Manage tab, click Upload Trusted Root Certificate.

4. Navigate to the file and then click Open.

To remove the root certificate, click Remove Trusted Root Certificate.

Installing Multiple Root Certificates

Multiple root certificates can be installed on the Firebox SSL VPN Gateway; however, they must be in one file. For example, you can create a text file in a plain text editor (such as Notepad) that contains all of the root certificates. Open each root certificate in another plain text editor window and then copy and paste the contents of each certificate below the last line in the new text window. When all of the certificates are copied to the new file, save the text file in PEM format, and then upload the file to the Firebox SSL VPN Gateway.

Creating Root Certificates Using a Command Prompt

You can also create PEM-formatted root certificates using a DOS command prompt. For example, if you have three PEM root certificates, you can use the following command to create one file that contains all three certificates:

type root1.pem root2.pem root3.pem > current-roots.pem

If you want to add additional root certificates to an existing file, use the following command:

type root4.pem root5.pem >> current-roots.pem

When this command is executed, all five root certificates are in the file current-roots.pem. The double greater-than symbol (>>) appends the contents of root4.pem and root5.pem to the existing contents of current-roots.pem.
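The type command copies bytes as they are, so a root file saved without a final newline leaves its END marker fused to the next BEGIN marker on one line, which a PEM parser can skip or reject. The following Python sketch is an added example, not part of the WatchGuard manual: it detects that condition and rebuilds a clean bundle before upload, rejecting any non-certificate block such as a private key. The function names are hypothetical and the sample blocks are constructed placeholders, not real certificates.

```python
import base64, hashlib, re

# Matches one PEM block; the label is captured so non-certificate blocks can be rejected.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def split_certs(text):
    """Return DER bytes for every CERTIFICATE block in text; raise on anything else."""
    ders = []
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            raise ValueError(f"unexpected PEM block: {label}")
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der or der[0] != 0x30:  # X.509 DER starts with a SEQUENCE tag
            raise ValueError("block does not decode to a DER SEQUENCE")
        ders.append(der)
    return ders

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

def build_bundle(file_texts):
    """Merge the contents of several PEM files into one normalized bundle."""
    seen, out = set(), []
    for text in file_texts:
        for der in split_certs(text):
            digest = hashlib.sha256(der).hexdigest()
            if digest not in seen:          # drop duplicate roots
                seen.add(digest)
                out.append(to_pem(der))
    return "".join(out)

def has_fused_boundary(text):
    """True when END and BEGIN markers share a line (source file lacked a final newline)."""
    return re.search(r"-----END [A-Z0-9 ]+-----[ \t]*-----BEGIN", text) is not None

# Constructed placeholder inputs: DER-shaped bytes, not real certificates.
ROOT1 = to_pem(b"\x30\x03\x02\x01\x01")
ROOT2 = to_pem(b"\x30\x03\x02\x01\x02").rstrip("\n")  # saved without a trailing newline
ROOT3 = to_pem(b"\x30\x03\x02\x01\x03")

if __name__ == "__main__":
    naive = ROOT1 + ROOT2 + ROOT3            # what type/copy-paste concatenation yields
    print("naive concat fused:", has_fused_boundary(naive))
    bundle = build_bundle([ROOT1, ROOT2, ROOT3, ROOT1])
    print("certs in bundle:", bundle.count("BEGIN CERTIFICATE"))
```

The DER check here only confirms the outer SEQUENCE tag; it does not parse the certificate or verify that it is a CA root.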

Resetting the Certificate to the Default Setting

The Firebox SSL VPN Gateway comes with a certificate that is not digitally signed by a Certificate Authority. If you need to reimage the appliance, you can reset the certificate to the default certificate that came with the Firebox SSL VPN Gateway. You can do this by using the serial console and selecting the option to reset the certificate.

To reset the default certificate

1. Connect the serial cable to the 9-pin serial port on the Firebox SSL VPN Gateway and connect the cable to a computer that is capable of running terminal emulation software.

2. On the computer, start a terminal emulation application such as HyperTerminal.
