ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Managing Certificates
The firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be
authenticated by remote entities. A certificate that authenticates a server, for example, is a file that
contains:
• A public encryption key to be used by clients for encrypting messages to the server.
• Information identifying the operator of the server.
• A digital signature confirming the identity of the operator of the server. Ideally, the signature is
from a trusted third party whose identity can be verified absolutely.
You can obtain a certificate from a well-known commercial Certificate Authority (CA) such as
Verisign or Thawte, or you can generate and sign your own certificate. Because a commercial CA
takes steps to verify the identity of an applicant, a certificate from a commercial CA provides a
strong assurance of the server's identity. A self-signed certificate triggers a warning in most
browsers because it provides no protection against identity theft of the server.
Your firewall contains a self-signed certificate from NETGEAR. We recommend that you replace
this certificate prior to deploying the firewall in your network.
From the VPN > Certificates main menu/submenu, you can view the currently loaded certificates,
upload a new certificate, and generate a Certificate Signing Request (CSR). Your firewall will
typically hold two types of certificates:
• CA certificate. Each CA issues its own CA identity certificate in order to validate
communication with the CA and to verify the validity of certificates signed by the CA.
• Self certificate. The certificate issued to you by a CA identifying your device.
Viewing and Loading CA Certificates
The Trusted Certificates (CA Certificates) table lists the certificates of CAs and contains the
following data:
• CA Identity (Subject Name). The organization or person to whom the certificate is issued.
• Issuer Name. The name of the CA that issued the certificate.
• Expiry Time. The date after which the certificate becomes invalid.
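The following added example (not part of the NETGEAR manual) shows one way to read the same three fields from a PEM certificate file on an administrator workstation before uploading it, and to flag a certificate whose subject equals its issuer or that is close to expiry. It assumes the OpenSSL command-line tool is installed; the file names, the demo-ca.example and fw.example names, and the 30-day threshold are hypothetical.

```shell
#!/bin/sh
# Added example: inspect a PEM certificate before uploading it to the firewall.
# check_cert FILE [MIN_DAYS] prints Subject Name, Issuer Name and Expiry Time
# and returns:
#   0 = issued by a different CA and valid for at least MIN_DAYS more days
#   1 = subject equals issuer (self-issued, like a factory-default certificate)
#   2 = expires within MIN_DAYS days, or has already expired
#   3 = the file is not a readable PEM certificate
check_cert() {
    cert=$1
    min_days=${2:-30}   # assumed threshold, adjust to your renewal policy
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 3
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    expiry=$(openssl x509 -in "$cert" -noout -enddate | sed 's/^notAfter=//')
    echo "Subject Name: $subject"
    echo "Issuer Name:  $issuer"
    echo "Expiry Time:  $expiry"
    # A CA-issued device certificate names the CA, not the device, as issuer.
    [ "$subject" != "$issuer" ] || return 1
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null || return 2
    return 0
}

# Build constructed sample files in directory $1 so the check can be tried
# offline: a self-signed demo CA and a device certificate signed by it that
# is valid for $2 days (default 365). All names and keys are throwaway.
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=demo-ca.example" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # Device key and CSR, then the demo CA signs the CSR.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=fw.example" \
        -keyout "$d/fw.key" -out "$d/fw.csr" 2>/dev/null
    openssl x509 -req -in "$d/fw.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days "${2:-365}" -out "$d/fw.pem" 2>/dev/null
}

# Usage: sh check_cert.sh candidate.pem [min_days]
if [ $# -ge 1 ]; then check_cert "$@"; fi
```

A return value of 1 only means the subject and issuer names match; it does not verify the signature chain, which the firewall checks against its Trusted Certificates table.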
Managing Users, Authentication, and Certificates
v1.0, October 2008