Use Openssl To Generate A Csr; Use Microsoft Ca To Create A Certificate; Send The Certificate Request - Watchguard Firebox X15 User Manual

Certificates

Use OpenSSL to generate a CSR

OpenSSL is installed with most GNU/Linux distributions. To download the source code or a Windows binary
file, go to http://www.openssl.org/
use OpenSSL to convert certificates and certificate signing requests from one format to another. For more
information, see the OpenSSL man page or online documentation.
1. Open a command line interface terminal.
2. Type:
openssl genrsa -out privkey.pem 1024
current working directory.
3. Type:
openssl req -new -key privkey.pem -out request.csr
This command generates a CSR in the PEM format in your current working directory.
4. When you are prompted for the x509 Common Name attribute information, type your fully-qualified
domain name (FQDN). Use other information as appropriate.
5. Follow the instructions from your certificate authority to send the CSR.
To create a temporary, self-signed certificate until the CA returns your signed certificate, type at the
command line:
openssl x509 -req -days 30 -in request.csr -key privkey.pem -out sscert.cert
This command creates a certificate inside your current directory that expires in 30 days.
You cannot use a self-signed certificate for VPN remote gateway authentication. We recommend
that you use certificates signed by a trusted third-party Certificate Authority.

Use Microsoft CA to create a certificate

Certification Authority is distributed with Windows Server 2003 as a component. If the Certification Authority
is not installed in the Administrative Tools folder of the Control Panel, follow the manufacturer's instructions
for installation.
When you use this procedure, you act as the certificate authority (CA) and digitally sign your own request. For
the final certificate to be useful, we recommend that you acquire other certificates that connect your private
CA to a widely trusted, third-party certificate authority. You can import these additional certificates on the
Firebox X Edge Certificates page.

Send the certificate request

1. Open your web browser. In the location or address bar, type the IP address of the server where the
Certification Authority is installed, followed by certsrv.
Example: http://10.0.2.80/certsrv
2. Click the Request a Certificate link.
3. Click the advanced certificate request link.
4. To submit a CSR you created using OpenSSL, click the Submit a certificate link.
5. Paste the contents of your CSR file into the Saved Request text box.
The CSR must be in Base-64 PKCS10 or PKCS7 format.
6. Close your web browser.
184
and follow the installation instructions for your operating system. You can
to generate a private key file called privkey.pem in your
Firebox X Edge e-Series