Table of Contents
Advertisement
You can obtain a certificate from a well-known commercial Certificate Authority (CA) such as
Verisign or Thawte, or you can generate and sign your own certificate. Because a commercial CA
takes steps to verify the identity of an applicant, a certificate from a commercial CA provides a
strong assurance of the server's identity. A self-signed certificate will trigger a warning from most
browsers as it provides no protection against identity theft of the server.
Note: If you obtain a certificate from a CA, you must use a Root CA, not an Intermediate
CA. Root certificates are signed by the Root CA itself, while Intermediate
certificates depend on a verification hierarchy leading back to a Root CA.
Your SSL VPN Concentrator contains a self-signed certificate from NETGEAR. NETGEAR
recommends that you replace this certificate prior to deploying the SSL VPN Concentrator in your
network.
From the Certificates menu, you can view the currently loaded certificates, upload a new
certificate and generate a Certificate Signing Request (CSR).
Obtaining a Certificate from a Certificate Authority
To obtain a certificate from a CA, you must generate a Certificate Signing Request (CSR) for your
SSL VPN Concentrator. The CSR is a file containing information about your company and about
the device that will hold the certificate. Refer to the CA for guidelines on the information you
include in your CSR.
To generate a new Certificate Signing Request (CSR) file:
1. Under the System Configuration menu in the left navigation pane, select Certificates. The
Certificates screen displays.
Installing the SSL312
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
v2.1, November 2008
2-9
Advertisement
Table of Contents
