About Certificates; Creating A Certificate Or Signing Request; Using Openssl To Generate A Csr - Watchguard Firebox X20E User Manual

Firmware version 8.6 all firebox x edge e-series standard and wireless models

This setting is useful if you have more than one Firebox X Edge that sends syslog messages to the same syslog host.
7. Click Submit.
Because syslog traffic is not encrypted, syslog messages that are sent through the Internet decrease the security of the trusted network. It is more secure if you put your syslog host on your trusted network.
About Certificates
When you use secure HTTP to connect to the Firebox X Edge e-Series, the Edge uses a certificate to secure your management session. A certificate (public key certificate) is a file that uses a digital signature to match the identification of a person or organization with an encryption key. The digital signature comes from a certificate authority (CA), an organization that issues and revokes certificates. You can use third-party certificates from a trusted CA for local or VPN authentication.
You can import one Local Firebox X Edge certificate for local authentication, up to 25 Remote VPN Gateway certificates (one per gateway), and up to 10 Trusted CA certificates. The certificates you import on the Firebox X Edge are not included in a configuration backup. However, the distinguished names of the certificates selected for VPN tunnels are saved. You must import the certificates again for VPN tunnels to operate correctly.

Creating a certificate or signing request

To create a third-party certificate, you need to put part of a cryptographic key pair in a certificate signing request (CSR) and send it to a certificate authority (CA). The CA issues a certificate after they receive the CSR and verify your identity. We recommend that you choose a prominent CA, such as Verisign or GeoTrust.
To generate a certificate signing request (CSR), you must have a public key from a key pair. A key pair is a set of mathematically related numbers that are used to send information safely. The private key is kept secret and used to encrypt data, while the public key is supplied to other users and used to "unlock" the encrypted data. Use a new key pair for each CSR you create.
You can use the OpenSSL application to generate a CSR on Windows or Linux through the command-line interface. You can also use the Microsoft Certification Authority to generate a CSR on a Windows Server operating system as your own certificate authority.

Using OpenSSL to Generate a CSR

OpenSSL is installed with most GNU/Linux distributions. To download the source code or a Windows binary file, go to http://www.openssl.org/ and follow the installation instructions for your operating system. You can use OpenSSL to convert certificates and certificate signing requests from one format to another. For more information, see the OpenSSL man page or online documentation.
1. Open a command line interface terminal.
2. Type openssl genrsa -out privkey.pem 1024 to generate a private key file called privkey.pem in your current working directory.
3. Type:
   openssl req -new -key privkey.pem -out request.csr
This command generates a CSR in the PEM format in your current working directory.
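
The procedure above ends once request.csr exists. As an added example (not part of the WatchGuard manual), these shell functions repeat the genrsa and req commands non-interactively and then check the request before it is sent to the CA: that its signature verifies, that it carries the public half of the key you kept, and that the key meets a minimum size. The function names, the subject string and the minimum-size argument are assumptions; the manual's command uses 1024 bits, and this page does not say which other sizes firmware 8.6 accepts.

```shell
#!/bin/sh
# Added example, not from the WatchGuard manual. Function names, the subject
# string and the key-size arguments are illustrative assumptions.

# make_csr DIR BITS SUBJECT
# The manual's genrsa and req commands, run non-interactively with -subj.
make_csr() {
    (
        umask 077   # keep privkey.pem unreadable to other local users
        openssl genrsa -out "$1/privkey.pem" "$2" 2>/dev/null || exit 1
        openssl req -new -key "$1/privkey.pem" -subj "$3" -out "$1/request.csr"
    )
}

# csr_key_bits CSR: print the public key size recorded in the request.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_matches_key CSR KEY: succeed only if the CSR carries the public half
# of KEY, so the issued certificate will pair with the key you kept.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# csr_signature_ok CSR: the request's self-signature verifies (file intact).
# The message is matched because some OpenSSL versions exit 0 on failure.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# check_csr CSR KEY MIN_BITS: run every check; non-zero if any fails.
check_csr() {
    grep -q 'PRIVATE KEY' "$1" && { echo "private key material in CSR file"; return 1; }
    csr_signature_ok "$1" || { echo "CSR signature invalid"; return 1; }
    csr_matches_key "$1" "$2" || { echo "CSR does not match key"; return 1; }
    [ "$(csr_key_bits "$1")" -ge "$3" ] || { echo "key below $3 bits"; return 1; }
    echo "CSR ok"
}
```

Call make_csr with a directory, a key size and a subject, then check_csr with the request, the key and the minimum size. Publicly trusted CAs require RSA keys of at least 2048 bits, so use that as the minimum when the request is going to one.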