SonicWALL 5.8.1 Manuale Utente
DPI-SSL > Client SSL
796
SonicOS 5.8.1 Administrator Guide
Common Name Exclusions
The Common Name Exclusions section is used to add domain names to the exclusion list. To
add a domain name, type it in the text box and click Add. Click Apply at the top of the page to
confirm the configuration.
add a domain name, type it in the text box and click Add. Click Apply at the top of the page to
confirm the configuration.
Note
The maximum size of the Common Name Exclusion list is a total of 8192 bytes (or 8192
characters).
characters).
Tip
You can enter multiple entries at once by separating the entries with the ^ delimiter. For
example, the following entry will add three individual domains with one click:
example, the following entry will add three individual domains with one click:
example1.com^example2.com^example3.com
Selecting the Re-Signing Certificate Authority
By default, DPI-SSL uses the Default SonicWALL DPI-SSL CA Certificate to re-sign traffic
that has been inspected. Optionally, users can specify that another certificate will be used. To
use a custom certificate, you must first import the certificate to the SonicWALL UTM appliance:
that has been inspected. Optionally, users can specify that another certificate will be used. To
use a custom certificate, you must first import the certificate to the SonicWALL UTM appliance:
1.
Navigate to the System > Certificates page.
2.
Click Import Certificate.
3.
Select the Import a local end-user certificate with private key from a PKCS#12 (.p12
or .pfx) encoded file option.
or .pfx) encoded file option.
4.
Choose password and click Import.
After the certificate has been imported, you must configure it on the Client DPI-SSL page:
1.
Navigate to the DPI-SSL > Client SSL page.
2.
Scroll down to the Certificate Re-Signing Authority section and select the certificate from
the pulldown menu.
the pulldown menu.
3.
Click Apply.
For help with creating PKCS-12 formatted files, see
.
Adding Trust to the Browser
In the previous section we described how to configure a re-signing certificate authority. In order
for re-signing certificate authority to successfully re-sign certificates browsers would have to
trust this certificate authority. Such trust can be established by having re-signing certificate
imported into the browser's trusted CA list.
for re-signing certificate authority to successfully re-sign certificates browsers would have to
trust this certificate authority. Such trust can be established by having re-signing certificate
imported into the browser's trusted CA list.
•
Internet Explorer: Go to Tools > Internet Options, click the Content tab and click
Certificates. Click the Trusted Root Certification Authorities tab and click Import. The
Certificate Import Wizard will guide you through importing the certificate.
Certificates. Click the Trusted Root Certification Authorities tab and click Import. The
Certificate Import Wizard will guide you through importing the certificate.
•
Firefox: Go to Tools > Options, click the Advanced tab and then the Encryption tab. Click
View Certificates, select the Authorities tab, and click Import. Select the certificate file,
make sure the Trust this CA to identify websites check box is selected, and click OK.
View Certificates, select the Authorities tab, and click Import. Select the certificate file,
make sure the Trust this CA to identify websites check box is selected, and click OK.
•
Mac: Double-click the certificate file, select Keychain menu, click X509 Anchors, and then
click OK. Enter the system username and password and click OK.
click OK. Enter the system username and password and click OK.