HELP
TABLE OF CONTENTS

VPN>CA Certificates

  Note! Click here for more information on SonicWALL 3rd party digital certificate support.

Importing CA Certificates into the SonicWALL

After your CA service has validated your CA Certificate, you can import it into the SonicWALL and use it to validate Local Certificates for VPN Security Associations.

To import your CA Certificate into the SonicWALL:

  1. Select Add New CA Certificate.

  2. Click Browse and locate the PKCS#7 (*.p7b), DER (*.der), or *.cer encoded file sent by the CA service.

  3. Click Open to set the directory path to the certificate.

  4. Click Import to import the certificate into the SonicWALL. Once it is imported, you can view the Certificate Details.

Certificate Details

The Certificate Details section lists the following information:

The Certificate Issuer, Certificate Serial Number, and the Expiration Date are generated by the CA service. The information is used when a Generate Certificate Signing Request is created and sent to your CA service for validation.
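
The file received from the CA service can be checked on an administrator workstation before it is imported. The script below is an added example, not part of the SonicWALL documentation: it assumes the openssl command-line tool is installed, and the function names (ca_to_pem, check_ca_cert, make_sample) and file names are hypothetical. It prints the same Issuer, Serial Number and Expiration Date fields, and for a PKCS#7 file it inspects only the first certificate.

```sh
#!/bin/sh
# Added example: inspect a CA certificate file before importing it.
# All function and file names are hypothetical, chosen for this example.

# Emit the first certificate in FILE as PEM, trying the encodings the import
# step names: X.509 in DER or PEM (*.der, *.cer) and PKCS#7 (*.p7b).
ca_to_pem() {
    for fmt in DER PEM; do
        openssl x509 -inform "$fmt" -in "$1" 2>/dev/null && return 0
        openssl pkcs7 -inform "$fmt" -in "$1" -print_certs 2>/dev/null |
            openssl x509 2>/dev/null && return 0
    done
    return 1
}

# Print the fields shown under Certificate Details, plus a SHA-256 fingerprint
# to compare with the CA out of band. Non-zero status means do not import.
check_ca_cert() {
    pem=$(ca_to_pem "$1") || { echo "unreadable or unsupported: $1"; return 2; }
    printf '%s\n' "$pem" |
        openssl x509 -noout -issuer -serial -enddate -fingerprint -sha256
    printf '%s\n' "$pem" | openssl x509 -noout -text | grep -q 'CA:TRUE' ||
        { echo "not a CA certificate (basicConstraints)"; return 3; }
    printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 4; }
}

# Build a constructed, throwaway certificate in DIR (sample input only).
# $2 is TRUE or FALSE for basicConstraints CA. Writes ca.pem, ca.der, ca.p7b.
make_sample() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
        'prompt=no' '[dn]' 'CN=Constructed Test CA' '[ext]' \
        "basicConstraints=critical,CA:$2" > "$1/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl x509 -in "$1/ca.pem" -outform DER -out "$1/ca.der"
    openssl crl2pkcs7 -nocrl -certfile "$1/ca.pem" -outform DER -out "$1/ca.p7b"
}
```

Run check_ca_cert with the path of the file from the CA service; a status of 0 means the file parsed, is marked as a CA certificate and has not expired.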

Delete This Certificate

To delete the certificate, click Delete This Certificate. You can delete a certificate if it has expired or if you decide not to use Third Party Certificates for VPN authentication.

Export This CA Certificate

Click Export This CA Certificate to export the file to your hard drive or a floppy disk.

Certificate Revocation List (CRL)

A Certificate Revocation List (CRL) is a way to check the validity of existing certificates. A certificate may be invalid for several reasons:

If a certificate is invalid, the CA may publish the certificate on a Certificate Revocation List (CRL) at a given interval, or on an online server in an X.509 v3 database using Online Certificate Status Protocol (OCSP). Consult your CA provider for specific details on locating a CRL file or URL.

Tip! The SonicWALL supports obtaining the CRL via HTTP or manually downloading the list.

You can import the CRL by manually downloading it and then importing it into the SonicWALL. You can also enter the URL of the CRL in the Enter CRL's location for this CA (URL) field. The CRL is downloaded automatically at intervals determined by the CA service. The SonicWALL checks certificates against the CRL for validity when they are used.

Importing a CRL List

  1. Click Browse for Please select a file to import Certificate Revocation List.

  2. Locate the PKCS#12 (*.p12) or *PFX (Microsoft) encoded file.

  3. Click Open to set the directory path to the certificate.

  4. Click Import to import the certificate into the SonicWALL.

Automatic CRL Update

  1. Type the URL of the CRL server of your CA service in the Enter CRL's location for this CA (URL) field.

  2. Click Update.
