SonicWALL SSL-R User Manual page 32

Secure sockets layer offloading solutions that allow servers to provide both secure and non-secure services at the same high speeds

Certificates
A certificate is loaded into the device to be used as either a single certificate or part of a
certificate group. Certificates can be imported from PEM, DER, PKCS7, and PKCS12 format
files.
Step-Up Certificates and Server-Gated Cryptography. SonicWALL Transaction
Security devices support both Netscape International Step-Up Certificates and Microsoft
Server-Gated Cryptography. No special configuration is needed for the device to function
properly with these certificates. Load the certificate normally.
Note: You must specify that your certificate will work with both Microsoft and Netscape
browsers when requesting it from the CA. Otherwise, the server cannot support
both browsers.
Chained Certificates. Chained certificates are used in certain circumstances such as
when a known, trusted CA (such as Thawte or VeriSign) provides a certificate to attest that
certificates created by an intermediary CA can be trusted. For example, a company can
create its own certificates for internal use only; however, clients do not accept the
certificates because they were not created by a known CA. When private certificates are
chained with the trusted CA's certificate, clients accept them during SSL negotiations.
The certificate created locally is loaded into the device as a regular certificate; the locally
created public/private key pair is loaded into the device as a key. The intermediary CA
certificate signed by a trusted CA and any other intermediary certificates are loaded as
individual certificate objects that are combined into a certificate group. An example of
configuring a chained certificate via the configuration manager is presented in Chapter
5 Configuration Manager. See Chapter 6 Graphical User Interface Reference for
information on setting chained certificates using the GUI.
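Why the intermediary CA certificates have to be presented alongside the locally created certificate, as an added example that is not part of the manual: it uses the OpenSSL command line on an administrator workstation (an assumption, not the device's configuration manager), and every name, path and lifetime in it is constructed. A client that trusts only the root CA accepts the server certificate when the intermediate is supplied and rejects it otherwise.

```bash
#!/usr/bin/env bash
# Constructed demo: throwaway root CA -> intermediate CA -> server certificate.
# All names, file paths and lifetimes are made up for illustration.

# new_key_and_csr DIR NAME: create DIR/NAME.key and DIR/NAME.csr
new_key_and_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo $2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# build_chain DIR: populate DIR with root.pem, intermediate.pem and server.pem
build_chain() {
  d=$1
  # CA certificates must carry CA:TRUE or path validation rejects them.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  new_key_and_csr "$d" root && new_key_and_csr "$d" intermediate &&
    new_key_and_csr "$d" server || return 1
  # Self-signed root: stands in for the known, trusted CA.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA certificate, signed by the root.
  openssl x509 -req -in "$d/intermediate.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/intermediate.pem" 2>/dev/null || return 1
  # Locally created server certificate, signed by the intermediate.
  openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate.pem" -CAkey "$d/intermediate.key" \
    -set_serial 3 -days 2 -out "$d/server.pem" 2>/dev/null
}

# verify_server DIR with|without: validate server.pem as a client that trusts only the root
verify_server() {
  if [ "$2" = with ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/intermediate.pem" "$1/server.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/server.pem" >/dev/null 2>&1
  fi
}

demo_dir=$(mktemp -d)
build_chain "$demo_dir"
verify_server "$demo_dir" with    && echo "with intermediate: chain verifies"
verify_server "$demo_dir" without || echo "without intermediate: rejected, issuer not found"
rm -rf "$demo_dir"
```

The same `openssl verify` call can be run against the real certificate files before they are loaded, to confirm that no intermediate is missing from the group.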
Security Policies
SonicWALL SSL appliances can process a wide range of single and composite cryptography
schemes. The following table shows a comparison of the individual schemes. If you
configure the device to use the weak security policy, all schemes marked as "weak" are
used. If you use the strong security policy, all schemes marked as "strong" are used. The
"default" security policy uses the encryption and message authentication methods
commonly available. The "all" security policy incorporates all listed combinations.
Cryptographic Scheme   Encryption    Message Authentication   Key Exchange   Security Policy Assignments
ARC4-MD5               ARC4* (128)   MD5                      RSA (1024)     strong, default, all
ARC4-SHA               ARC4* (128)   SHA1                     RSA (1024)     strong, default, all
DES-CBC3-MD5           3DES (168)    MD5                      RSA (1024)     strong, all
DES-CBC3-SHA           3DES (168)    SHA1                     RSA (1024)     strong, all
DES-CBC-MD5            DES (56)      MD5                      RSA (1024)     strong, all

Page 32 SSL-IA/SSL-R User's Guide


This manual is also suitable for: SSL-IA