Step-Up Certificates And Server-Gated Cryptography; Configuring Chained Certificates - SonicWALL SSL-R User Manual

Secure sockets layer offloading solutions that allow servers to provide both secure and non-secure services at the same high speeds

Step-Up Certificates and Server-Gated Cryptography

SonicWALL SSL devices support both Netscape International Step-Up Certificates and
Microsoft Server-Gated Cryptography. No special configuration is needed for the device to
function properly with these certificates. Load the certificate normally.
Note: You must specify that your certificate work with both Microsoft and Netscape
browsers when requesting it from the CA. Otherwise, the server cannot support
both browsers.

Configuring Chained Certificates

Chained certificates are used in certain circumstances such as when a known, trusted CA
(such as Thawte or VeriSign) provides a certificate to attest that certificates created by an
intermediary CA can be trusted. For example, a company can create its own certificates for
internal use only; however, clients do not accept the certificates because they were not
created by a known CA. When private certificates are chained with the trusted CA's
certificate, clients accept them during SSL negotiations.

EXAMPLE: Enabling Chained Certificates

The locally created certificate, the intermediary CA certificate signed by a trusted CA, and
any other intermediary certificates are loaded into individual certificate objects that are
combined into a certificate group. This example demonstrates how to:

- Load an intermediate CA certificate into a certificate object
- Create a certificate group
- Enable using the group as a certificate chain

The name of the SSL device is myDevice. The name of the secure logical server is server1.
The name of the DER-encoded, intermediary CA certificate is CACert. The name of the
PEM-encoded certificate generated by the intermediary CA is localCertFile. The name of the
certificate group is CACertGroup.

1. Initiate a management session as described previously.
2. Attach the configuration manager (remote only) and enter Privileged and
   Configuration modes.
3. Enter SSL Configuration mode and create an intermediary certificate named
   CACert, entering into Certificate Configuration mode. Load the DER-encoded file
   into the certificate object, and return to SSL Configuration mode.

(config[myDevice])> ssl
(config-ssl[myDevice])> cert CACert create
(config-ssl-cert[CACert])> der CACert
(config-ssl-cert[CACert])> end
(config-ssl[myDevice])>
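
Before loading the files onto the device, the chain can be checked on a workstation. The script below is an added example, not part of the SonicWALL manual: it assumes the openssl command-line tool is installed, builds a constructed throwaway PKI (root.pem and the example-* subject names are hypothetical; CACert and localCertFile follow the manual's naming), and shows that the PEM server certificate verifies only when the DER intermediary CA certificate is supplied.

```shell
#!/bin/sh
# Added example: pre-load check for a chained certificate, using a constructed test PKI.
set -e

# Sign CSR $1 with CA cert $2 and CA key $3, writing PEM cert $4; $5 is the extension file.
sign() {
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -days 2 -extfile "$5" -out "$4" 2>/dev/null
}

# Build a throwaway root CA, intermediary CA and server certificate in directory $1.
# CACert (DER) and localCertFile (PEM) mirror the file names in the manual's example.
make_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    # The self-signed root stands in for the known, trusted CA.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
    sign "$d/inter.csr" "$d/root.pem" "$d/root.key" "$d/inter.pem" "$d/ca.ext"
    sign "$d/leaf.csr" "$d/inter.pem" "$d/inter.key" "$d/localCertFile" "$d/leaf.ext"
    # The intermediary CA certificate is delivered DER-encoded, as in the manual.
    openssl x509 -in "$d/inter.pem" -outform DER -out "$d/CACert"
}

# check_chain ROOT_PEM LEAF_PEM [INTERMEDIATE_DER]
# Succeeds only if the leaf chains to the root. A DER intermediary, when given,
# is converted to PEM (written next to the input as <file>.pem) and offered
# to the verifier as an untrusted chain certificate.
check_chain() {
    if [ -n "$3" ]; then
        openssl x509 -inform DER -in "$3" -out "$3.pem" || return 1
        openssl verify -CAfile "$1" -untrusted "$3.pem" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

work=$(mktemp -d)
make_chain "$work"
check_chain "$work/root.pem" "$work/localCertFile" "$work/CACert" && echo "with CACert: chain verifies"
check_chain "$work/root.pem" "$work/localCertFile" || echo "without CACert: rejected"
```

With real files, call check_chain with the trusted CA's PEM certificate, the PEM server certificate and the DER intermediary certificate; a non-zero exit status means clients would not be able to build the chain.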
Chapter 5 Configuration Manager
Page 57


This manual is also suitable for:

Ssl-ia
