Netgear FVS336G Reference Guide

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
Managing Users, Authentication, and Certificates
v1.0, October 2007
Managing Certificates 
The VPN firewall uses digital certificates to authenticate connecting VPN gateways or clients, and 
to be authenticated by remote entities. A certificate that authenticates a server, for example, is a 
file that contains:
• A public encryption key to be used by clients for encrypting messages to the server.
• Information identifying the operator of the server.
• A digital signature confirming the identity of the operator of the server. Ideally, the signature is 
  from a trusted third party whose identity can be verified absolutely.
You can obtain a certificate from a well-known commercial Certificate Authority (CA) such as 
Verisign or Thawte, or you can generate and sign your own certificate. Because a commercial CA 
takes steps to verify the identity of an applicant, a certificate from a commercial CA provides a 
strong assurance of the server’s identity. A self-signed certificate will trigger a warning from most 
browsers as it provides no protection against identity theft of the server.
Your VPN firewall contains a self-signed certificate from NETGEAR. We recommend that you 
replace this certificate prior to deploying the VPN firewall in your network.
From the VPN > Certificates menu, you can view the currently loaded certificates, upload a new 
certificate and generate a Certificate Signing Request (CSR). Your VPN firewall will typically 
hold two types of certificates:
• CA certificate. Each CA issues its own CA identity certificate in order to validate 
  communication with the CA and to verify the validity of certificates signed by the CA. 
• Self certificate. The certificate issued to you by a CA identifying your device. 
Viewing and Loading CA Certificates
The Trusted Certificates (CA Certificates) table lists the certificates of CAs and contains the 
following data: 
• CA Identity (Subject Name)—The organization or person to whom the certificate is issued. 
• Issuer Name—The name of the CA that issued the certificate. 
• Expiry Time—The date after which the certificate becomes invalid.
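
The same three fields can be read from a certificate file on an administrator workstation before it is uploaded. The script below is an added example, not part of the NETGEAR manual; it assumes the OpenSSL command-line tool is installed and the certificate is in PEM format, and all function names and the sample subject are illustrative.

```shell
#!/bin/sh
# Added example: pre-upload checks on a PEM certificate using the OpenSSL CLI.
# Function names are illustrative; they are not firewall or NETGEAR commands.

# Print one certificate field ("subject", "issuer" or "enddate") without its label.
cert_field() {
    openssl x509 -in "$1" -noout "-$2" | sed 's/^[^=]*= *//'
}

# Succeed when subject and issuer names are identical (name match only;
# the signature itself is not verified here).
is_self_issued() {
    [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ]
}

# Succeed when the certificate is still valid N days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null
}

# Print the fields listed in the Trusted Certificates table and flag
# a subject/issuer match and a near expiry date.
cert_report() {
    echo "Subject Name: $(cert_field "$1" subject)"
    echo "Issuer Name:  $(cert_field "$1" issuer)"
    echo "Expiry Time:  $(cert_field "$1" enddate)"
    if is_self_issued "$1"; then
        echo "NOTE: subject equals issuer (self-signed or a root CA certificate)"
    fi
    if ! valid_for_days "$1" "${2:-30}"; then
        echo "WARNING: expires within ${2:-30} days"
    fi
}

# Create a throwaway self-signed certificate (constructed sample input) in directory $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 \
        -subj "/CN=sample.example.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Usage: sh cert_check.sh /path/to/certificate.pem [days]
[ -z "${1:-}" ] || cert_report "$1" "${2:-30}"
```

A CA root certificate is normally self-issued, so the NOTE line is expected for entries destined for the Trusted Certificates table; on a self certificate it indicates the file was not signed by a CA.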