Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

How can I obtain a Certificate from a Windows Certificate Authority (CA)?

10/14/2021 790 People found this article helpful 187,287 Views

    Download
    Print
    Translations
    • Japanese
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This article describes how to obtain a certificate from an internal CA for the purpose of SonicWall Web Management.

    Deployment Prerequisites

    • Microsoft Windows Active Directory Services installed and configured.
    • Microsoft Certificate Services installed and configured.
    • Microsoft Internet Information Services (IIS) 7.0 installed and configure.

    Deployment Steps

    1.  Exporting the CA Certificate from the Active Directory Server.
    2. Importing the CA Certificate onto the SonicWall.
    3. Creating a New Signing Request in SonicWall Appliance.
    4. Requesting certificate for the new signing Request by the MS Certificate Authority.
    5. Validating the Certificate on the SonicWall Appliance.
    6. How to Test

    Resolution

    Exporting the Root CA Certificate from the Active Directory (AD) Server
    1. In the AD server, launch the Certificate Authority application by Start | Run | certsrv.msc.
    2. Right click the CA you created and select Properties.
    3. On the General tab, click View Certificate button.
    4. On the Details tab, select Copy to File.
    5. Follow through the wizard, and select the DER Encoded binary X.509 (.cer) format.
    6. Click browse and specify a path and filename to save the certificate.
    7. Click  Next button and click Finish.
      Image
       ImageImage
       ImageImage
       ImageImage
       ImageImage

     


     Importing the CA Certificate onto the SonicWall
    1. Click Manage in the top navigation menu.
    2. Navigate to Appliance | Certificates.
      Image
    3. Click Import. Select the certificate file you just exported.
      Image
    4. Select Import a CA certificate from a PKCS#7 (.p7b), PEM (.pem) or DER (.der or .cer) encoded file, 
    5. Click Browse and Select the certificate file you just exported from the MS Certificate Authority.
    6. Once the root certificate is selected, Click  import button.
      Image
    7. Once the CA root certificate is imported, it will be listed under the Appliance | Certificates page with type as CA Certificate.

      TIP: This page can be filtered to easily locate this certificate by changing the View Style to Imported certificates and requests. 

      Image

     Creating a Certificate Signing Request (CSR) in SonicWall Appliance

    1. Navigate to Appliance | Certificates page and click New Signing Request.
    2. Fill out the CSR form in SonicWall device and click  Generate. For the most part, you can leave the drop-down boxes to their defaults and fill out each field as suggested by its corresponding drop-down box.
      Image
    3.  The Appliance | Certificates page will refresh and your new certificate will appear with a type of Pending Request.

      NOTE: You may need to refresh the page for this status to appear.

      Image
    4. Click  Export Image button.  In the new Pop-up window, click Export and save the file locally on your device for later import to the Windows Server.
      Image

     Requesting a certificate for the CSR from the MS Certificate Authority

    TIP: If the MS CA server is running IIS (and the admin has allowed access to this interface), the easiest way to submit the firewall s CSR is via web browser.

    1. Open a browser and enter  http://x.x.x.x/certsrv/  (replace x.x.x.x with the IP address of your MS CA server). You will be presented with the certificate services interface (see below).
    2. Select the task Request a Certificate.
      Image
    3. Click advanced certificate request.
      Image
    4. Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
      Image
    5. Copy and paste the contents of the CSR in the Saved Request box.
    6. Select Web Server under Certificate Template.
      Image
    7. Select DER encoded and click Download Certificate. Save the file to your local system using whatever name you wish this file will be imported into SonicWall appliance.
      Image
      Image 

     Validating the Certificate on the SonicWall Appliance
    1. Navigate to System | Certificates page.
    2. Click Upload Signed certificate Image for the certificate that has type Pending request. 
      Image
    3. Browse for the downloaded file from the CA and click Upload.
      Image

      Image
    4. Once the certificate has been uploaded, the certificate will show type as Local Certificate and Validated as YES.
      Image

     


    How to Test

    Now that a signed certificate has been imported into the SonicWall, it can be used for HTTPS management of SonicWall interfaces as well as for SSL-VPN. To set the imported certificate as the management certificate, perform the following steps

    1. Navigate to Appliance | Base Settings.
    2. Under the Web Management Settings section, select the imported certificate under Certificate Selection.
    3. Click Accept to save the changes.
      Image
    4. When logging into the SonicWall after importing the signed certificate you may receive the following browser errors:
      Image

      CAUTION: "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority".
      You get this error because the issuing CA certificate is not in the certificate store of the browser. To resolve it, install the certificate in the certificate store of the browser.


      CAUTION: "The name on the security certificate is invalid or does not match the name of the site".
      You get this error because you are accessing the site using a different name from the certificate Common Name (CN) you entered when creating the Certificate Signing Request (CSR). In the above example the SonicWall is being accessed using an IP address although the CN in the certificate is SonicWall.local (see above) : You have two options to overcome this error:
       

    • When creating the CSR enter the CN as 192.168.168.168.
    • Map the IP address of the SonicWall to the CN..

    Related Articles

    • SSL Control and DPI-SSL Compatibility
    • FIPS Mode: Radius protected with IPSEC VPN
    • Maximum DHCP Leases

    Categories

    • Firewalls > SonicWall SuperMassive 9000 Series > System
    • Firewalls > TZ Series > System
    • Firewalls > NSa Series > System
    • Firewalls > NSv Series > System

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top
    Trace:4ee82ce2006b54d95245027ae7978e4a-89