Administration Guide 111
Overview of the Certificate Signing Request
private key from tampering and it is also required when restoring a saved configuration to the Firebox
SSL VPN Gateway. Passwords are used whether the private key is encrypted or unencrypted.
Note
Caution: When you upgrade to Version 6.0 and save the configuration file, it cannot be used on earlier
versions of the Firebox SSL VPN Gateway. If you attempt to upload the Version 6.0 configuration file to
an earlier version, the Firebox SSL VPN Gateway becomes inoperable.
You can also import a password-protected certificate and private key pairs in the PKCS12 format. This
allows encrypted and password-protected private keys and certificates created on the Firebox SSL VPN
Gateway to be imported.
Note
Caution: If you save the configuration on Version 4.5 of the Firebox SSL VPN Gateway, do not install it on
an earlier version of the appliance. Because the private key is encrypted in Version 4.5, older versions
cannot decrypt it and the appliance becomes inoperable.
Creating a Certificate Signing Request
The CSR is generated using the Certificate Request Generator in the Firebox SSL VPN Gateway Adminis-
tration Tool.
To create a Certificate Signing Request
1Click the VPN Gateway Cluster tab and open the window for the appliance.
2On the Certificate Signing Request tab, type the required information in the fields and then click
Generate Request.
Note
Note: In the field VPN Gateway FQDN, type the same FQDN that is on the General Networking tab. In
Password, type the password for the private key.
3 A .csr file is created. Save the certificate request on the local computer.
4 Email the certificate to your Certificate Authority
The certificate provider returns a signed certificate to you by email. When you receive the signed certifi-
cate, install it on the Firebox SSL VPN Gateway.
After you create the certificate request and send it to the Certificate Authority, refrain from performing
the following tasks on the Firebox SSL VPN Gateway until you receive the signed certificate back and
install it on the appliance:
• Generating another Certificate Signing Request
• Uploading a saved configuration file
• Publishing configuration settings from another appliance in the cluster
Note
Important: When the certificate is generated and sent to the Certificate Authority, do not create
another Certificate Signing Request. The Firebox SSL VPN Gateway stores one private key. If the
Certificate Signing Request is run again, the private key is overwritten and the signed certificate will not
match.