WatchGuard Technologies SSL VPN Water Heater User Manual


 
Administration Guide 113
Overview of the Certificate Signing Request
The root certificate that is installed on the Firebox SSL VPN Gateway has to be in PEM format. On Windows,
the file extension .cer is sometimes used to indicate that the root certificate is in PEM format.
If you are validating certificates on internal connections, the Firebox SSL VPN Gateway must have a root
certificate installed.
To install a root certificate on the Firebox SSL VPN Gateway
1 On the Firebox SSL VPN Gateway Cluster tab, open the window for an appliance.
2 On the Administration tab, next to Manage trusted root certificates, click Manage.
3 On the Manage tab, click Upload Trusted Root Certificate.
4 Navigate to the file and then click Open.
To remove the root certificate, click Remove Trusted Root Certificate.
Installing Multiple Root Certificates
Multiple root certificates can be installed on the Firebox SSL VPN Gateway; however, they must be in one
file. For example, you can create a text file in a plain text editor (such as Notepad) that contains all of the
root certificates. Open each root certificate in another plain text editor window and then copy and paste
the contents of each certificate below the last line in the new text window. When all of the certificates
are copied to the new file, save the text file in PEM format, and then upload the file to the Firebox SSL
VPN Gateway.
Creating Root Certificates Using a Command Prompt
You can also create PEM-formatted root certificates using a DOS command prompt. For example, if you
have three PEM root certificates, you can use the following command to create one file that contains all
three certificates:
type root1.pem root2.pem root3.pem > current-roots.pem
If you want to add additional root certificates to an existing file, use the following command:
type root4.pem root5.pem >> current-roots.pem
When this command is executed, all five root certificates are in the file current-roots.pem. The double
greater-than symbol (>>) appends the contents of root4.pem and root5.pem to the existing contents
of current-roots.pem.
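Before uploading a file built by pasting in a text editor or by concatenating with type, it is worth checking that every block in it is a separate, well-formed certificate. The following is an added example, not part of the WatchGuard guide: a structural check only (PEM markers, base64, leading DER tag, duplicates), not X.509 validation. The names check_bundle and pem and the sample blocks are constructed for illustration.

```python
import base64
import hashlib
import re

# One PEM block: matching BEGIN/END labels with a base64 body between them.
BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
FUSED = re.compile(r"(-----END [A-Z0-9 ]+-----)(-----BEGIN )")

def check_bundle(text):
    """Return (sha256_fingerprints, problems) for a concatenated PEM file."""
    problems, prints = [], []
    # A source file with no trailing newline can leave END and BEGIN fused.
    if FUSED.search(text):
        problems.append("END and BEGIN markers share a line")
        text = FUSED.sub(r"\1\n\2", text)
    blocks = list(BLOCK.finditer(text))
    if len(blocks) != text.count("-----BEGIN "):
        problems.append("a BEGIN marker has no matching END marker")
    for n, m in enumerate(blocks, 1):
        label, body = m.group(1), "".join(m.group(2).split())
        if label != "CERTIFICATE":
            # e.g. a private key pasted into the trust file by mistake
            problems.append(f"block {n}: unexpected {label} block")
            continue
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            problems.append(f"block {n}: body is not valid base64")
            continue
        if not der.startswith(b"\x30"):
            problems.append(f"block {n}: not a DER SEQUENCE")
            continue
        fp = hashlib.sha256(der).hexdigest()
        if fp in prints:
            problems.append(f"block {n}: duplicate of an earlier certificate")
        else:
            prints.append(fp)
    return prints, problems

def pem(label, der):
    """Build a PEM block (no trailing newline) from raw bytes."""
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----"

# Constructed stand-ins: tiny DER SEQUENCEs, not real certificates.
ROOT1 = pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
ROOT2 = pem("CERTIFICATE", b"\x30\x03\x02\x01\x02")

if __name__ == "__main__":
    print(check_bundle(ROOT1 + ROOT2 + "\n"))  # first file lacked a final newline
```

To check a real file, pass its text: check_bundle(open("current-roots.pem").read()).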
Resetting the Certificate to the Default Setting
The Firebox SSL VPN Gateway comes with a certificate that is not digitally signed by a Certificate Authority.
If you need to reimage the appliance, you can reset the certificate to the default certificate that came
with the Firebox SSL VPN Gateway. You can do this by using the serial console and selecting the option
to reset the certificate.
To reset the default certificate
1 Connect the serial cable to the 9-pin serial port on the Firebox SSL VPN Gateway and connect the
cable to a computer that is capable of running terminal emulation software.
2 On the computer, start a terminal emulation application such as HyperTerminal.