Dell SonicWall SRA 4200 Administrator's Manual page 404

8.
9.
10.
After uploading any intermediate CA certificates, the system should be restarted. The web
server needs to be restarted with the new certificate included in the CA certificate bundle.
11.
12.
13.
14.
15.
404 | SRA 6.0 Administrator's Guide
Are wild card certificates supported?
Answer: Yes.
What CA's certificates can I use with the SRA appliance?
Answer: Any CA certificate should work if the certificate is in X509v3 format, including
Verisign, Thawte, Baltimore, RSA, etc.
Does the SRA appliance support chained certificates?
Answer: Yes, it does. On the System > Certificates page, do the following:
Under "Server Certificates", click Import Certificate and upload the SSL server
–
certificate and key together in a .zip file. The certificate should be named 'server.crt'.
The private key should be named 'server.key'.
Under "Additional CA Certificates", click Import Certificate button and upload the
–
intermediate CA certificate(s). The certificate should be PEM encoded in a text file.
Any other tips when I purchase the certificate for the SRA appliance?
Answer: We recommend you purchase a multi-year certificate to avoid the hassle of
renewing each year (most people forget and when the certificate expires it can create an
administrative nightmare). It is also good practice to have all users that will connect to the
SRA appliance run Windows Update (also known as Microsoft Update) and install the 'Root
Certificates' update.
Can I use certificates generated from a Microsoft Certificate Server?
Answer: Yes, but to avoid a browser warning, you will need to install the Microsoft CA's root
certificate into all Web browsers that will connect to the appliance.
Why can't I import my new certificate and private key?
Answer: Be sure that you upload a .zip file containing the PEM formatted private key file
named "server.key" and the PEM formatted certificate file named "server.crt". The .zip file must
have a flat file structure (no directories) and contain only "server.key" and "server.crt" files. The
key and the certificate must also match, otherwise the import will fail.
Why do I see the status "pending" after importing a new certificate and private key?
Answer: Click the 'configure' icon next to the new certificate and enter the password you
specified when creating the Certificate Signing Request (CSR) to finalize the import of the
certificate. Once this is done, you can successfully activate the certificate on the SRA
appliance.
Can I have more than one certificate active if I have multiple virtual hosts?
Answer: Prior to 2.5 firmware: No, only one can be active, other virtual sites with names
that do not match the name embedded on the SRA appliance's certificate will show security
warnings to any Web browser connecting to them.
With 2.5 firmware or later, it is possible to select a certificate for each Portal under the
Portals > Portals: Edit Portal - Virtual Host tab. The portal Virtual Host Settings fields allow
you to specify separate IP address, and certificate per portal. If the administrator has
configured multiple portals, it is possible to associate a different certificate with each portal.
For example, sslvpn.test.sonicwall.com might also be reached by pointing the browser
to virtualassist.test.sonicwall.com. Each of those portal names can have its own
certificate. This is useful to prevent the browser from displaying a certificate mismatch
warning, such as "This server is abc, but the certificate is xyz, are you sure you want to
continue?".