Managing Users, Authentication, and Certificates
237
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
You can obtain a digital certificate from a well-known commercial certification authority (CA)
such as Verisign or Thawte, or you can generate and sign your own digital certificate.
Because a commercial CA takes steps to verify the identity of an applicant before it signs, a
digital certificate from a commercial CA gives a connecting client strong assurance that it is
talking to the genuine server. A self-signed certificate triggers a warning from most browsers
because it chains to no CA that the browser trusts: the browser has no way to distinguish the
genuine server from an attacker presenting a self-signed certificate of his own, so the
certificate by itself offers no protection against impersonation of the server.
The VPN firewall ships with a self-signed certificate from NETGEAR. This certificate can be
downloaded from the VPN firewall login screen and imported into a browser, which silences the
warning only on the browsers into which it has been imported. NETGEAR therefore
recommends that you replace this digital certificate with a digital certificate from a well-known
commercial CA before deploying the VPN firewall in your network.
Certificates Screen
To display the Certificates screen, select VPN > Certificates. Because of the large size of
this screen, and because of the way the information is presented, the Certificates screen is
divided and presented in this manual in three figures (Figure 146 on page 238, Figure 148 on
page 240, and Figure 150 on page 243).
The Certificates screen lets you view the currently loaded digital certificates, upload a new
digital certificate, and generate a certificate signing request (CSR). The VPN firewall typically
holds two types of digital certificates:
• CA digital certificates. Each CA issues its own CA certificate. The VPN firewall uses an
uploaded CA certificate to validate communication with that CA and to verify the
signatures on the digital certificates and revocation lists that the CA has signed.
• Self certificates, also referred to as self-signed certificates. The digital certificates that
identify your device. A self certificate is either signed locally by the device itself or, as
recommended above, issued by a CA in response to a CSR that you generated.
The Certificates screen contains four tables that are explained in detail in the following
sections:
• Trusted Certificates (CA Certificate) table. Contains the CA certificates that you
uploaded and that the VPN firewall trusts as issuers (see Manage Self-Signed Certificates
on page 239).
• Active Self Certificates table. Contains the certificates that identify the VPN firewall
itself: the certificates that a CA issued in response to your requests and that you uploaded
(see Manage Self-Signed Certificates on page 239).
• Self Certificate Requests table. Contains the certificate signing requests that you
generated on the VPN firewall. A request might or might not have been submitted to a CA,
and the CA might or might not have issued a digital certificate for it. A request is not a
usable certificate: only the certificates in the Active Self Certificates table are active on
the VPN firewall (see Manage Self-Signed Certificates on page 239).
• Certificate Revocation Lists (CRL) table. Contains the CRLs that you uploaded: lists,
issued and signed by CAs, of certificates that the CA has revoked and that are no longer
valid even though their validity period has not ended. Note, however, that the table
displays only the issuing CA of each list and the date on which the list was released
(see Manage the Certificate Revocation List on page 243).
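The trust relationships this section describes, as an added example in Go (not NETGEAR code, and not something that runs on the firewall): a constructed lab CA stands in for the commercial CA, a constructed device key for the firewall's key, and vpn.example.test is an assumed hostname for the firewall's portal. The example builds the firewall's self-signed certificate, a CSR and the CA-issued certificate that answers it, and a CRL from the CA, then runs the check a browser or VPN peer performs against each. It goes beyond the text in treating a CRL that the issuer did not sign, or that is past its Next Update date, as a failure rather than as a clean result. It uses only Go's standard crypto/x509 package and assumes Go 1.19 or later.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assumed hostname of the firewall's HTTPS / SSL VPN portal; not taken from the manual.
const host = "vpn.example.test"

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign gives template a one-day validity and signs it under parent (parent == template: self-signed).
func sign(template, parent *x509.Certificate, pub any, key *ecdsa.PrivateKey) *x509.Certificate {
	template.NotBefore, template.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, template, parent, pub, key))))
}

// NewCA is a constructed lab CA with the cert-sign and CRL-sign usages: a Trusted Certificates (CA) entry.
func NewCA(key *ecdsa.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Lab Root CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	return sign(t, t, &key.PublicKey, key)
}

// leaf is the identity a device asserts: its hostname as a SAN, for server authentication only.
func leaf(serial int64, subject pkix.Name, names []string) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: subject, DNSNames: names,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
}

// NewSelfSigned is the device's own certificate signed by its own key: nobody else vouches for it.
func NewSelfSigned(key *ecdsa.PrivateKey) *x509.Certificate {
	t := leaf(1, pkix.Name{CommonName: host}, []string{host})
	return sign(t, t, &key.PublicKey, key)
}

// NewCSR is a Self Certificate Request: the private key stays on the device; the CA receives
// only the public key and names, signed with that key as proof of possession.
func NewCSR(key *ecdsa.PrivateKey) *x509.CertificateRequest {
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, key))))
	if err := csr.CheckSignature(); err != nil { // a CA checks this before issuing
		panic(err)
	}
	return csr
}

// Issue is the CA's side: the CSR's key and names signed under the CA key, i.e. the certificate
// you would upload into the Active Self Certificates table.
func Issue(csr *x509.CertificateRequest, ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64) *x509.Certificate {
	return sign(leaf(serial, csr.Subject, csr.DNSNames), ca, csr.PublicKey, caKey)
}

// NewCRL is the CA's signed list of revoked serials, current until nextUpdate.
func NewCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serials []int64, nextUpdate time.Time) *x509.RevocationList {
	t := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: nextUpdate.Add(-24 * time.Hour), NextUpdate: nextUpdate}
	for _, s := range serials {
		t.RevokedCertificates = append(t.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: t.ThisUpdate})
	}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, t, ca, caKey))))
}

// Trusted is the client-side check: chain to a trusted root, hostname match, validity period and,
// when a CRL is supplied, not revoked. A CRL the issuer did not sign, or one past its Next Update,
// is an error rather than a pass.
func Trusted(cert *x509.Certificate, roots []*x509.Certificate, crl *x509.RevocationList) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	chains, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	if err != nil || crl == nil {
		return err
	}
	issuer := chains[0][len(chains[0])-1] // no intermediates here, so the root is the direct issuer
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return fmt.Errorf("CRL not signed by %q: %w", issuer.Subject.CommonName, err)
	}
	if time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("CRL stale since %s; fetch a current one before deciding", crl.NextUpdate.Format(time.RFC3339))
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("serial %s revoked at %s", cert.SerialNumber, rc.RevocationTime.Format(time.RFC3339))
		}
	}
	return nil
}

// Scenarios runs the cases the text describes; a nil value means the client trusts the certificate.
func Scenarios() map[string]error {
	caKey, devKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca, self := NewCA(caKey), NewSelfSigned(devKey)
	issued, onlyCA := Issue(NewCSR(devKey), ca, caKey, 1001), []*x509.Certificate{ca}
	return map[string]error{
		"self-signed/untrusted": Trusted(self, onlyCA, nil),                    // the browser-warning case
		"self-signed/imported":  Trusted(self, []*x509.Certificate{self}, nil), // after importing it from the login screen
		"ca-issued/ok":          Trusted(issued, onlyCA, nil),
		"ca-issued/revoked":     Trusted(issued, onlyCA, NewCRL(ca, caKey, []int64{1001}, time.Now().Add(24*time.Hour))),
		"ca-issued/stale-crl":   Trusted(issued, onlyCA, NewCRL(ca, caKey, nil, time.Now().Add(-time.Hour))),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-22s -> %v\n", name, err)
	}
}
```

Run it with go run; each scenario prints nil when the certificate would be trusted. The self-signed certificate fails against a store that holds only the CA (the browser-warning case) and passes only once it has itself been imported as a root, which is why the download from the login screen helps the one browser you import it into and none of the clients you have not touched. The CA-issued certificate passes on the strength of the CA alone, and the same certificate is rejected once its serial appears on the CA's CRL.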