Manage Self-Signed Certificates - NETGEAR UTM9S Reference Manual

Manage Self-Signed Certificates

Instead of obtaining a digital certificate from a CA, you can generate and sign your own digital
certificate. However, a self-signed certificate triggers a warning from most browsers because
it provides no protection against identity theft of the server. (The following figure shows an
image of a browser security alert.)
There can be three reasons why a security alert is generated for a security certificate:
• The security certificate was issued by a company you have not chosen to trust.
• The date of the security certificate is invalid.
• The name on the security certificate is invalid or does not match the name of the site.
When a security alert is generated, the user can decide whether or not to trust the host.
Figure 235.
Generate a CSR and Obtain a Self-Signed Certificate from a CA
To use a self-signed certificate, you first need to request the certificate from a CA, and then
download and activate the certificate on the UTM. To request a self-signed certificate from a
CA, you need to generate a certificate signing request (CSR) for and on the UTM. The CSR
is a file that contains information about your company and about the device that holds the
certificate. Refer to the CA for guidelines about the information that you need to include in
your CSR.

To generate a new CSR file, obtain a digital certificate from a CA, and upload it to the
UTM:
1. Select VPN > Certificates. The Certificates screen displays. The following figure shows
the middle section of the screen with the Active Self Certificates section, Generate Self
Certificate Request section, and Self Certificate Requests section. (The Self Certificate
Requests table contains some examples.)
ProSecure Unified Threat Management (UTM) Appliance
Managing Users, Authentication, and VPN Certificates
384