Netgear FVS336G-100NAS Reference Manual - Page 147
Managing Certificates, Viewing and Loading CA Certificates
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual

Managing Certificates

The VPN firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be authenticated by remote entities. A certificate that authenticates a server, for example, is a file that contains:

• A public encryption key to be used by clients for encrypting messages to the server.
• Information identifying the operator of the server.
• A digital signature confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party whose identity can be verified absolutely.

You can obtain a certificate from a well-known commercial Certificate Authority (CA) such as Verisign or Thawte, or you can generate and sign your own certificate. Because a commercial CA takes steps to verify the identity of an applicant, a certificate from a commercial CA provides a strong assurance of the server's identity. A self-signed certificate will trigger a warning from most browsers as it provides no protection against identity theft of the server.

Your VPN firewall contains a self-signed certificate from NETGEAR. We recommend that you replace this certificate prior to deploying the VPN firewall in your network.

From the VPN > Certificates menu, you can view the currently loaded certificates, upload a new certificate and generate a Certificate Signing Request (CSR). Your VPN firewall will typically hold two types of certificates:

• CA certificate. Each CA issues its own CA identity certificate in order to validate communication with the CA and to verify the validity of certificates signed by the CA.
• Self certificate. The certificate issued to you by a CA identifying your device.

Viewing and Loading CA Certificates

The Trusted Certificates (CA Certificates) table lists the certificates of CAs and contains the following data:

• CA Identity (Subject Name): The organization or person to whom the certificate is issued.
• Issuer Name: The name of the CA that issued the certificate.
• Expiry Time: The date after which the certificate becomes invalid.

Managing Users, Authentication, and Certificates
7-9
v1.0, October 2007
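The three fields shown in the Trusted Certificates table can be read from a PEM file on a workstation before the certificate is loaded. The script below is an added example, not part of the NETGEAR manual; it assumes the OpenSSL command-line tool is installed, and the function names and the sample subject are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a PEM certificate before loading it as a trusted CA.
# Assumes the OpenSSL CLI. Function names and sample subject are constructed.

# Print Subject Name, Issuer Name and expiry (notAfter) of a certificate.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# Succeed when subject and issuer are the same name. This is true for a root
# CA certificate and for a self-signed device certificate.
is_self_issued() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ]
}

# Succeed when the certificate expires within the given number of days.
# -checkend exits 0 if the certificate is still valid after that many seconds.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Create a constructed self-signed certificate (30-day validity) for testing.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Org/CN=Constructed Test CA" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Usage: sh inspect_cert.sh ca.pem
if [ -n "$1" ]; then
    cert_summary "$1"
    if is_self_issued "$1"; then
        echo "note: subject equals issuer (root CA or self-signed)"
    fi
    if expires_within_days "$1" 30; then
        echo "warning: certificate expires within 30 days"
    fi
fi
```

A certificate whose subject equals its issuer has no third-party signature to rely on, so its fingerprint should be confirmed through a separate channel before it is trusted.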