Vpn Certificates Screen - NETGEAR UTM5 Reference Manual

ProSecure Unified Threat Management (UTM) Appliance
The UTM uses digital certificates to authenticate connecting VPN gateways or clients, and to
be authenticated by remote entities. A digital certificate that authenticates a server, for
example, is a file that contains the following elements:
- A public encryption key to be used by clients for encrypting messages to the server.
- Information identifying the operator of the server.
- A digital signature confirming the identity of the operator of the server. Ideally, the
  signature is from a trusted third party whose identity can be verified.
You can obtain a digital certificate from a well-known commercial certification authority (CA)
such as Verisign or Thawte, or you can generate and sign your own digital certificate.
Because a commercial CA takes steps to verify the identity of an applicant, a digital certificate
from a commercial CA provides a strong assurance of the server's identity. A self-signed
certificate triggers a warning from most browsers because it provides no protection against
identity theft of the server.
The UTM contains a self-signed certificate from NETGEAR. This certificate can be
downloaded from the UTM login screen for browser import. However, NETGEAR
recommends that you replace this digital certificate with a digital certificate from a well-known
commercial CA prior to deploying the UTM in your network.
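
The following shell script is an added example, not part of the NETGEAR manual. It shows one way to check whether a certificate file is self-signed before a device is deployed: the subject must equal the issuer and the signature must verify under the certificate's own public key. It assumes the `openssl` command-line tool is installed; the function names, subjects, and file names are constructed for illustration, and a private test CA stands in for a commercial CA.

```shell
#!/bin/sh
# Added example: report whether a PEM certificate is self-signed.
# All function names, subjects and file paths here are constructed.

# Returns 0 only if subject equals issuer AND the signature verifies
# under the certificate's own public key (i.e. truly self-signed).
is_self_signed() {
    cert=$1
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ] || return 1
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1
}

# Builds constructed sample certificates in directory $1:
#   self.pem - self-signed device certificate
#   ca.pem   - private test CA (stands in for a commercial CA)
#   leaf.pem - device certificate issued by that CA from a CSR
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=device.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=device.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/leaf.pem" 2>/dev/null
}

# Demonstration on the constructed samples.
SAMPLES=$(mktemp -d)
make_samples "$SAMPLES"
for f in self.pem leaf.pem; do
    if is_self_signed "$SAMPLES/$f"; then
        echo "$f: self-signed, replace before deployment"
    else
        echo "$f: issued by a CA"
    fi
done
```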

VPN Certificates Screen

To display the Certificates screen, select VPN > Certificates. Because of the large size of
this screen, and because of the way the information is presented, the Certificates screen is
divided and presented in this manual in three figures (Figure 243 on page 399, Figure 245 on
page 401, and Figure 247 on page 404).

The Certificates screen lets you view the currently loaded digital certificates, upload a new
digital certificate, and generate a certificate signing request (CSR). The UTM typically holds
two types of digital certificates:
- CA certificates. Each CA issues its own digital certificate to validate communication with
  the CA and to verify the validity of digital certificates that are signed by the CA.
- Self-signed certificates. The digital certificates that are issued to you by a CA to identify
  your device.

The Certificates screen contains four tables that are explained in detail in the following
sections:
- Trusted Certificates (CA Certificate) table. Contains the trusted certificates that were
  issued by CAs and that you uploaded (see Manage CA Certificates on this page).
- Active Self Certificates table. Contains the self-signed certificates that were issued by
  CAs and that you uploaded (see Manage Self-Signed Certificates on page 400).
- Self Certificate Requests table. Contains the self-signed certificate requests that you
  generated. These requests might or might not have been submitted to CAs, and CAs
  might or might not have issued certificates for these requests. Only the self-signed
  certificates in the Active Self Certificates table are active on the UTM (see Manage
  Self-Signed Certificates on page 400).

Managing Users, Authentication, and VPN Certificates
398


This manual is also suitable for:

UTM9S, UTM10, UTM150, UTM25, UTM50
