Netgear SRXN3205 Reference Manual - Page 154
Managing Certificates, Viewing and Loading CA Certificates
UPC - 606449057461
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

Managing Certificates

The firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be authenticated by remote entities. A certificate that authenticates a server, for example, is a file that contains:

• A public encryption key to be used by clients for encrypting messages to the server.
• Information identifying the operator of the server.
• A digital signature confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party whose identity can be verified absolutely.

You can obtain a certificate from a well-known commercial Certificate Authority (CA) such as Verisign or Thawte, or you can generate and sign your own certificate. Because a commercial CA takes steps to verify the identity of an applicant, a certificate from a commercial CA provides a strong assurance of the server's identity. A self-signed certificate will trigger a warning from most browsers as it provides no protection against identity theft of the server.

Your firewall contains a self-signed certificate from NETGEAR. We recommend that you replace this certificate prior to deploying the firewall in your network.

From the VPN > Certificates main menu/submenu, you can view the currently loaded certificates, upload a new certificate and generate a Certificate Signing Request (CSR). Your firewall will typically hold two types of certificates:

• CA certificate. Each CA issues its own CA identity certificate in order to validate communication with the CA and to verify the validity of certificates signed by the CA.
• Self certificate. The certificate issued to you by a CA identifying your device.

Viewing and Loading CA Certificates

The Trusted Certificates (CA Certificates) table lists the certificates of CAs and contains the following data:

• CA Identity (Subject Name). The organization or person to whom the certificate is issued.
• Issuer Name. The name of the CA that issued the certificate.
• Expiry Time. The date after which the certificate becomes invalid.

8-8 Managing Users, Authentication, and Certificates
v1.0, October 2008
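The three table fields above can be checked on a workstation before a CA certificate is uploaded. The script below is an added example, not part of the NETGEAR manual: it uses the openssl command-line tool to print the subject, issuer and expiry of a PEM file, and flags a self-signed or soon-to-expire certificate. The file names, the sample subject and the 90-day threshold are assumptions, and the sample certificate is constructed on the spot.

```shell
#!/bin/sh
# Added example: inspect a CA certificate (PEM) before uploading it.
# Requires the openssl command-line tool. File names, the sample subject and
# the 90-day warning threshold are assumptions made for this example.

# Print one field of a certificate. $1 = PEM file, $2 = subject|issuer|enddate
cert_field() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed 's/^[A-Za-z]*= *//'
}

# Self-signed: subject equals issuer AND the certificate's own public key
# verifies its signature. $1 = PEM file
is_self_signed() {
    [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeeds if the certificate is still valid $2 days from now. $1 = PEM file
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed sample input: a throwaway self-signed CA valid for 30 days.
make_sample_ca() {  # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Constructed Example/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Print the three columns of the Trusted Certificates table plus two checks.
report() {  # $1 = PEM file
    echo "CA Identity (Subject Name): $(cert_field "$1" subject)"
    echo "Issuer Name:                $(cert_field "$1" issuer)"
    echo "Expiry Time:                $(cert_field "$1" enddate)"
    if is_self_signed "$1"; then
        echo "note: self-signed (subject equals issuer, own key verifies signature)"
    fi
    valid_for_days "$1" 90 || echo "warning: expires within 90 days"
}

tmp=$(mktemp -d)
make_sample_ca "$tmp" && report "$tmp/ca.pem"
rm -rf "$tmp"
```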