Filter
Top Products
Administration Guide 109
CHAPTER 7 Creating and Installing Secure
Certificates
The Firebox SSL VPN Gateway uses certificates for authentication. In the Firebox SSL VPN Gateway
Administration Tool, you can create a certificate to be signed by a Certificate Authority. Then, when the
signed certificate is received, it can be installed on the Firebox SSL VPN Gateway.
This chapter covers the following topics:
• Generating a Secure Certificate for the Firebox SSL VPN Gateway
• Digital Certificates and Firebox SSL VPN Gateway Operation
• Overview of the Certificate Signing Request
• Client Certificates
Note
When configuring certificates do not use 512-bit keypairs. They are subject to brute force attacks.
Generating a Secure Certificate for the Firebox SSL VPN Gateway
The Firebox SSL VPN Gateway includes a digital certificate that is not signed by a trusted Certificate
Authority. Install a digital X.509 certificate that belongs to your company and is signed by a Certificate
Authority on the Firebox SSL VPN Gateway. Your company can operate as its own Certificate Authority,
or you can obtain a digital certificate from a commercial Certificate Authority such as Verisign and
Thawte.
Note
Operating the Firebox SSL VPN Gateway without a digital certificate signed by a Certificate Authority
can subject VPN connections to malicious attacks.
There are two ways to install a secure certificate and private key on the Firebox SSL VPN Gateway:
•
Generate a Certificate Signing Request using the the Administration Tool. When the request is
generated, a certificate and private key are created. The private key remains on the Firebox SSL VPN
Gateway and the certificate is sent to a CA for signing. When the certificate is received back, it is
installed on the appliance. During installation it is paired with the password-protected private key.
WatchGuard recommends using this method to create and install
secure certificates.