Table of Contents
Advertisement
SonicWALL Third Party Digital Certificate Support
Tip This section assumes that you are familiar with Public Key Infrastructure (PKI) and the
implementation of digital certificates with VPN.
A digital certificate is an electronic means to verify identity by a trusted third party known as a
Certificate Authority (CA). SonicWALL now supports third party certificates in addition to the existing
Authentication Service. The difference between third party certificates and the SonicWALL
Authentication Service is the ability to select the source for your CA certificate. Using Certificate
Authority Certificates and Local Certificates is a more manual process than using the SonicWALL
Authentication Service; therefore, experience with implementing Public Key Infrastructure (PKI) is
necessary to understand the key components of digital certificates.
Internet Key Exchange (IKE) is an important part of IPSec VPN solutions, and it can use digital
signatures to authenticate peer devices before setting up security associations. Without digital
signatures, VPN users must authenticate by manually exchanging shared secrets or symmetric keys.
Devices using digital signatures do not require configuration changes every time a new device is
added to the network.
SonicWALL has implemented X.509v3 as its certificate form and CRLv2 for its certificate revocation
list.
SonicWALL supports the following two vendors of Certificate Authority Certificates:
•
VeriSign
•
Entrust
Page 216 SonicWALL Internet Security Appliance Administrator's Guide
Advertisement
Table of Contents
