Netgear SRX5308 SRX5308 Reference Manual - Page 246
Understanding the Certificates Screen, Certificates, Trusted Certificates CA Certificate table - replacement
UPC - 606449065145
View all Netgear SRX5308 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 246 highlights
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual You can obtain a digital certificate from a well-known commercial certificate authority (CA) such as Verisign or Thawte, or you can generate and sign your own digital certificate. Because a commercial CA takes steps to verify the identity of an applicant, a digital certificate from a commercial CA provides a strong assurance of the server's identity. A self-signed digital certificate triggers a warning from most browsers because it provides no protection against identity theft of the server. The VPN firewall contains a self-signed digital certificate from NETGEAR. This certificate can be downloaded from the VPN firewall login screen for browser import. However, NETGEAR recommends that you replace this digital certificate with a digital certificate from a well-known commercial CA prior to deploying the VPN firewall in your network. Understanding the Certificates Screen To display the Certificates screen, select VPN > Certificates from the menu. Because of the large size of this screen, and because of the way the information is presented, the Certificates screen is divided and presented in this manual in three figures (Figure 7-11 on page 7-19, Figure 7-13 on page 7-21, and Figure 7-15 on page 7-25). The Certificates screen lets you to view the currently loaded digital certificates, upload a new digital certificate, and generate a Certificate Signing Request (CSR). The VPN firewall typically holds two types of digital certificates: • CA digital certificates. Each CA issues its own CA identity digital certificate to validate communication with the CA and to verify the validity of digital certificates that are signed by the CA. • Self digital certificates. The digital certificates that are issued to you by a CA to identify your device. The Certificates screen contains four tables that are explained in detail in the following sections: • Trusted Certificates (CA Certificate) table. Contains the trusted digital certificates that were issued by CAs and that you uploaded (see "Managing Self Certificates" on page 7-20). • Active Self Certificates table. Contains the digital self certificates that were issued by CAs and that you uploaded (see "Managing Self Certificates" on page 7-20). • Self Certificate Requests table. Contains the self certificate requests that you generated. These requests might or might not have been submitted to CAs, and CAs might or might not have issued digital certificates for these requests. Only the digital self certificates in the Active Self Certificates table are active on the VPN firewall (see "Managing Self Certificates" on page 7-20). 7-18 Managing Users, Authentication, and Certificates v1.0, April 2010