SonicWALL 3 User Manual
S
ONIC
WALL S
ONIC
OS S
TANDARD
3.0 A
DMINISTRATOR
’
S
G
UIDE
241
Digital Certificates Overview
C
H A P T E R
40
Chapter 40:
Managing Certificates
Digital Certificates Overview
A digital certificate is an electronic means to verify identity by a trusted third party known as a
Certificate Authority (CA). X.509 v3 certificate standard is a specification to be used with
cryptographic certificates and allows you to define extensions which you can include with your
certificate. SonicWALL has implemented this standard in its third party certificate support.
Certificate Authority (CA). X.509 v3 certificate standard is a specification to be used with
cryptographic certificates and allows you to define extensions which you can include with your
certificate. SonicWALL has implemented this standard in its third party certificate support.
You can use a certificate signed and verified by a third party CA to use with an IKE (Internet Key
Exchange VPN policy. IKE is an important part of IPSec VPN solutions, and it can use digital
certificates to authenticate peer devices before setting up SAs. Without digital certificates, VPN users
must authenticate by manually exchanging shared secrets or symmetric keys. Devices or clients
using digital signatures do not require configuration changes every time a new device or client is
added to the network.
Exchange VPN policy. IKE is an important part of IPSec VPN solutions, and it can use digital
certificates to authenticate peer devices before setting up SAs. Without digital certificates, VPN users
must authenticate by manually exchanging shared secrets or symmetric keys. Devices or clients
using digital signatures do not require configuration changes every time a new device or client is
added to the network.
A typical certificate consists of two sections: a data section and a signature section. The data section
typically contains information such as the version of X.509 supported by the certificate, a certificate
serial number, information, information about the user’s public key, the Distinguished Name (DN),
validation period for the certificate, optional information such as the target use of the certificate. The
signature section includes the cryptographic algorithm used by the issuing CA, and the CA digital
signature.
typically contains information such as the version of X.509 supported by the certificate, a certificate
serial number, information, information about the user’s public key, the Distinguished Name (DN),
validation period for the certificate, optional information such as the target use of the certificate. The
signature section includes the cryptographic algorithm used by the issuing CA, and the CA digital
signature.
SonicWALL Third-Party Digital Certificate Support
SonicWALL supports third party certificates from the following two vendors of Certificate Authority
Certificates:
Certificates:
•
VeriSign
•
Entrust
To implement the use of certificates for VPN SAs, you must locate a source for a valid CA certificate
from a third party CA service. Once you have a valid CA certificate, you can import it into the
SonicWALL to validate your Local Certificates. You import the valid CA certificate into the SonicWALL
using the VPN > CA Certificates page. Once you import the valid CA certificate, you can use it to
validate your local certificates you add in the VPN > Local Certificates page.
from a third party CA service. Once you have a valid CA certificate, you can import it into the
SonicWALL to validate your Local Certificates. You import the valid CA certificate into the SonicWALL
using the VPN > CA Certificates page. Once you import the valid CA certificate, you can use it to
validate your local certificates you add in the VPN > Local Certificates page.