SONICWALL SSL OFFLOADS SUPPORT CHAINED CERTIFICATES


CREATE CSR USING SONICWALL SSL OFFLOADER
1. First, unzip your Root, Intermediate, and server certificate files and upload them to the SonicWALL SSL Offloader.

2. Next, select openssl.exe. Or, you could run and install OpenSSL by selecting Custom Installation.

3. Then, from that window select the Intermediate CA file and Site/Domain certificates in a text editor of your choice. Be sure to include the BEGIN AND END CERTIFICATE characters as well. Paste the Site/Domain certificate in the server certificate box, and the intermediate CA file is the intermediary certificate.

4. Be sure to save these files that you uploaded and check to make sure they are active within openssl.

NOW, YOU CAN SET UP THE CHAINED CERTIFICATES:

The example below will shed light on how to load two certificates into individual certificate objects, create a certificate group, and establish the use of the group as a certificate chain.

Key:

Transaction Security device = myDevice

Secure logical server = server1.

PEM-encoded, CA generated certificate = server.pem;

PEM-encoded certificate = inter.pem.

Recognized and local certificate objects = trustedCert and myCert

1. Open the Configuration Manager. Then, attach it and select Configuration. You may be prompted to enter a password.

inxcfg> attach myDevice

inxcfg> configure myDevice

(config[myDevice])>

2. Click SSL Configuration and make an intermediary certificate named CACert, then going into Certificate Configuration. Put the PEM-encoded file into the certificate object, and go back to SSL Configuration.

(config[myDevice])> ssl

(config-ssl[myDevice])> cert myCert create

(config-ssl-cert[CACert])> pem inter.pem

(config-ssl-cert[CACert])> end

(config-ssl[myDevice])>

3. Select Key Association Configuration, and load the PEM-encoded CA certificate and private key files, and go back to SSL Configuration mode.

(config-ssl[myDevice])> keyassoc localKeyAssoc create

(config-ssl-keyassoc[localKeyAssoc])> pem server.pem key.pem

(config-ssl-keyassoc[localKeyAssoc])> end

(config-ssl[myDevice])>

4. Next, choose Certificate Group Configuration, and make the certificate group CACertGroup, then load the certificate object CACert. Then, go back to SSL Configuration mode.

(config-ssl[myDevice])> certgroup CACertGroup create

(config-ssl-certgroup[CACertGroup])> cert myCert

(config-ssl-certgroup[CACertGroup])> end (config-ssl[myDevice])>

5. Now, Select Server Configuration and create the logical secure server server1, link with an IP address, SSL and clear text, a security policy myPol, the certificate group CACertGroup, key association localKeyAssoc, and exit to Top Level mode.

(config-ssl[myDevice])> server server1 create

(config-ssl-server[server1])> ip address 10.1.2.4 netmask 255.255.0.0

(config-ssl-server[server1])> sslport 443

(config-ssl-server[server1])> remoteport 81

(config-ssl-server[server1])> secpolicy myPol

(config-ssl-server[server1])> certgroup chain CACertGroup

(config-ssl-server[server1])> keyassoc localKeyAssoc

(config-ssl-server[server1])> end

(config-ssl[myDevice])> end

(config[myDevice])> end

inxcfg>

6. Lastly, save all of this information to flash memory. Be sure to note, that if it is not saved the configuration will be lost in a power cycle, or if a reload command is used.

inxcfg> write flash myDevice

inxcfg>

CREATE CSR USING SONICWALL SSL OFFLOADER
Back To Guides


Cookie Policy

By using this website, you agree to our use of cookies. We use cookies to provide you with a great experience and to help our website run effectively.

OK