Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
111
Figure 17. System > Certificates Page
See the following sections:
• Server Certificates on page 111
• Additional CA Certificates on page 111
Server Certificates
The Server Certificates section allows the administrator to import and configure a server certificate, and to
generate a CSR (certificate signing request).
A server certificate is used to verify the identity of the SMA/SRA appliance. The appliance presents its server
certificate to the user’s browser when the user accesses the login page. Each server certificate contains the
name of the server to which it belongs.
There is always one self-signed certificate (self-signed means that it is generated by the SMA/SRA appliance,
not by a real CA), and there could be multiple certificates imported by the administrator. If the administrator
has configured multiple portals, it is possible to associate a different certificate with each portal. For example,
sslvpn.test.sonicwall.com might also be reached by pointing the browser to
virtualassist.test.sonicwall.com. Each of those portal names can have its own certificate. This is useful to
prevent the browser from displaying a certificate mismatch warning, such as “This server is abc, but the
certificate is xyz, are you sure you want to continue?.”
A CSR is a certificate signing request. When preparing to get a certificate from a CA, you first generate a CSR
with the details of the certificate. Then the CSR is sent to the CA with any required fees, and the CA sends back
a valid signed certificate.
Additional CA Certificates
The Additional CA Certificates section allows the administrator to import additional certificates from a
Certificate Authority server, either inside or outside of the local network. The certificates are in PEM encoded
format for use with chained certificates, for example, when the issuing CA uses an intermediate (chained)
signing certificate.
The imported additional certificates only take effect after restarting the SMA/SRA appliance.
Certificate Management
The SMA/SRA appliance comes with a pre-installed self-signed X509 certificate for SSL functions. A self-signed
certificate provides all the same functions as a certificate obtained through a well-known certificate authority
To Next Page
Loading...
Need help?
General
