User Interface
R&S®GP-E/GP-S
User Manual v16.2.1 ─ 01
3.4.8.1 Certificates
The "Certificates" settings allow you to control the certificates used by the gateprotect
Firewall web interface, the built-in SSL proxy and the OpenVPN server.
To secure encrypted connections, gateprotect Firewall uses digital certificates as
described in the X.509 standard.
gateprotect Firewall itself acts as a certification authority. Therefore, a so-called CA
certificate is required. To centralize the management of the certificates, it is advisable
to create a CA certificate on a central firewall and use it to sign every certificate used
for the application directly. This is called a single-staged certification chain.
All certificates for applications have to be signed by the central firewall. If a certificate is
needed for another firewall, you have to create a request on it. This request has to be
signed by the central firewall. The signed request that you created has to be imported
by the other firewalls before they can use it.
If the other firewalls need to be able to create certificates for mostly local purposes
that are nevertheless recognized as valid throughout your organization, you can use
multi-staged certification chains. For this, you need a so-called root CA certificate on
your central firewall, with which you sign the secondary CA certificates. You need to
create requests for these secondary CA certificates on your other firewalls. After you
have imported the signed CA certificates, the other firewalls themselves are able to sign
certificates for applications. To display these connections clearly, gateprotect Firewall
shows them in a tree view.
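The multi-staged chain described above can be reproduced outside the firewall to see why the secondary CA certificate has to be available when an application certificate is validated. The following script is an added example, not part of the original manual or the product: it uses the OpenSSL command line as a stand-in for the web interface, and all names (Example Root CA, Example Branch CA, vpn.branch.example) and file names are constructed.

```sh
# Added example (OpenSSL stand-in, not the firewall's tooling); all names are constructed.
set -eu

write_config() {   # $1 = work dir; extension profiles for CA and application certificates
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = overridden by -subj
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[app_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
}
new_request() {    # $1 = work dir, $2 = file stem, $3 = common name; key pair plus request
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}
sign_request() {   # $1 = work dir, $2 = request stem, $3 = signing CA stem, $4 = profile
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" -CAcreateserial \
    -days 30 -extfile "$1/pki.cnf" -extensions "$4" -out "$1/$2.crt" 2>/dev/null
}
build_chain() {    # $1 = work dir
  write_config "$1"
  # Central firewall: root CA certificate, self-signed.
  new_request "$1" root "Example Root CA"
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 30 \
    -extfile "$1/pki.cnf" -extensions ca_ext -out "$1/root.crt" 2>/dev/null
  # Other firewall: request for a secondary CA certificate, signed by the root CA.
  new_request "$1" branch "Example Branch CA"
  sign_request "$1" branch root ca_ext
  # Other firewall: application certificate, signed locally by its secondary CA.
  new_request "$1" vpn "vpn.branch.example"
  sign_request "$1" vpn branch app_ext
}

# Succeeds only if the application certificate chains to the root via the secondary CA.
verify_with_chain() { openssl verify -CAfile "$1/root.crt" -untrusted "$1/branch.crt" "$1/vpn.crt" >/dev/null 2>&1; }
# Same check without the secondary CA certificate: the chain cannot be built.
verify_root_only() { openssl verify -CAfile "$1/root.crt" "$1/vpn.crt" >/dev/null 2>&1; }

work=$(mktemp -d)
build_chain "$work"
verify_with_chain "$work" && echo "with secondary CA: OK"
verify_root_only "$work" || echo "root only: verification fails"
rm -rf "$work"
```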
Certificates Overview
Navigate to "Cert. Management > Certificates" to display the list of certificates that are
currently defined on the system in a tree of authorities in the item list bar.
The buttons in the item list header allow you to create a new certificate and to import a
certificate from a file.
Upon first boot and after a factory reset, there are four certificates created by default:
Certificate Name                       Definition
R&S Root CA                            a root certificate authority for the creation of subordinate certificates
R&S Firewall Management Interface      a preconfigured certificate for the management interface
R&S Invalid Certificate                an already expired and, therefore, invalid certificate used by the SSL interception
R&S SSL Proxy Certificate Authority    the certificate authority used by the SSL interception
In the expanded view, the item list bar displays the "Name" of the certificate and its
dependency. The buttons behind the individual certificates show you the validity status
and the type of each certificate, allow you to view the details of each certificate, show
additional actions available for the certificate and permanently revoke the certificate.
The additionally available actions include replacing a certificate by importing a new
public key and parent CA for a certificate, exporting a certificate, exporting a Certificate