WatchGuard Technologies SSL VPN Benutzerhandbuch
Overview of the Certificate Signing Request
112
Firebox SSL VPN Gateway
Note
When you save the Firebox SSL VPN Gateway configuration, any certificates that are already installed are
included in the backup.
included in the backup.
To install a certificate file using the Administration Tool
1
Click the VPN Gateway Cluster tab.
2
On the Administration tab, next to Upload a signed Certificate (.crt), click Browse.
This button is used only when you are installing a signed certificate generated on the Certificate
Signing Request tab.
This button is used only when you are installing a signed certificate generated on the Certificate
Signing Request tab.
3
Locate the file you want to upload and click Open.
Note
When the client certificate is uploaded, it is converted automatically to PEM format.
You can also upload the certificate using the Administration Portal.
To upload a certificate using the Administration Portal
1
On the Administration Portal main page, click Maintenance.
2
Next to Upload Signed Certificate (.crt), click Browse.
3
Navigate to the certificate and upload the file.
Installing a Certificate and Private Key from a Windows Computer
If you are using a load balancer or you have a signed digital certificate with the private key that is stored
on a Windows computer, you can upload this to the Firebox SSL VPN Gateway. If the Firebox SSL VPN
Gateway is not behind a load balancer, the certificate must contain the FQDN of the Firebox SSL VPN
Gateway. If the Firebox SSL VPN Gateway is behind a load balancer, each appliance must contain the
same certificate and private key. For more information, see “Connecting to a Server Load Balancer” on
page 28.
on a Windows computer, you can upload this to the Firebox SSL VPN Gateway. If the Firebox SSL VPN
Gateway is not behind a load balancer, the certificate must contain the FQDN of the Firebox SSL VPN
Gateway. If the Firebox SSL VPN Gateway is behind a load balancer, each appliance must contain the
same certificate and private key. For more information, see “Connecting to a Server Load Balancer” on
page 28.
To install a certificate and private key from a Windows computer
1
Click the Firebox SSL VPN Gateway Cluster tab and open the window for the appliance.
2
Click the Administration tab.
3
Next to Upload a .pem private key and signed certificate, click Browse.
4
Navigate to the certificate and then click Open.
When you upload the certificate to the Firebox SSL VPN Gateway, you are asked for a password to
encrypt the private key.
encrypt the private key.
Installing Root Certificates on the Firebox SSL VPN Gateway
Root certificates are provided by the CA and are used by SSL clients to validate certificates presented by
an SSL server.When an SSL client attempts to connect to an SSL server, the server presents a certificate.
The client consults its root certificate store to see if the certificate that the SSL server presented is signed
by a CA that the root certificate trusts. If you deploy the Firebox SSL VPN Gateway in any environment
where the Firebox SSL VPN Gateway must operate as the client in an SSL handshake (initiate encrypted
connections with another server), install a trusted root certificate on the Firebox SSL VPN Gateway.
an SSL server.When an SSL client attempts to connect to an SSL server, the server presents a certificate.
The client consults its root certificate store to see if the certificate that the SSL server presented is signed
by a CA that the root certificate trusts. If you deploy the Firebox SSL VPN Gateway in any environment
where the Firebox SSL VPN Gateway must operate as the client in an SSL handshake (initiate encrypted
connections with another server), install a trusted root certificate on the Firebox SSL VPN Gateway.