- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
SonicWall Certificates FAQ
12/20/2019 
192 People found this article helpful
128,266 Views
Description
- What is the maximum number of signed certificates which can be uploaded into the SonicWall?
You can upload 4 signed certificates into the SonicWall. This is including 3rd party, self-signed or MS CA signed certificates. - How many certificate signing requests (CSR) can be created in the SonicWall?
You can create 4 CSRs. - What is the maximum number of CA certificates which can be imported into the SonicWall?
- The maximum limit for CA certificates in the certificate store of the SonicWall is 256.
- The store has 52 built-in certificates.
- Therefore, you can import 204 CA certificates.
- What is the maximum key size supported?
SonicWall supports key size from 1024 to 4096 bits. - What are the encryption/signing algorithms supported by the SonicWall?
Currently SonicWall supports only the RSA algorithm. - When importing a signed certificate or a CA certificate, what are the cryptographic hash functions supported by the SonicWall?
Beginning with SonicOS 5.9.0, SonicWall supports SHA512, SHA256, SHA1 and MD5. Older firmware supports SHA1 and MD5 only. - What are the certificate files supported in the SonicWall?
- Signed Certificates for Signing Request: PEM (.pem) or DER (.der or .cer) encoded. A file with .crt extension is also supported.
- For directly importing a signed certificate with private key: PKCS#12 (.p12 or .pfx) encoded file.
- To import a CA certificate: PKCS#7 (.p7b), PEM (.pem) or DER (.der or .cer) encoded file.
- What is the maximum validity of a CA certificate ?
A CA certificate’s validity must not exceed 38 years when importing into the SonicWall. Beyond this limit, the SonicWall will display error – Bad Time Value. - What is the maximum validity of a signed certificate?
A signed certificate’s validity must not exceed 35 years when importing into the SonicWall. Beyond this limit, the SonicWall will display error – Bad Time Value. - I have uploaded a signed certificate into the SonicWall. Can it be exported?
Yes. A signed certificate can be exported by clicking on the download icon in pfx extension with private key. - Can the private key be exported separately?
It is not possible to export the private key separately. However, if the certificate is exported (with pfx extension), the private key can be extracted from it using such tools as OpenSSL. - Can I create a CSR for a wildcard certificate?
Yes. It is possible to create a CSR by prefixing the certificate common name (CN) with an asterisk. (*.example.com). - When creating a CSR in the SonicWall I am unable to specify more than 1 subject alternative name (SANs).
Although only 1 Subject Alternative Name can be specified when creating the CSR in the SonicWall, additional subject alternative names can be specified to the certificate providers. You can create the regular CSR within SonicWall and when submitting the CSR to the CA, they can add the additional IPs or domain details within the generated certificate. - I created a CSR in the SonicWall and submitted it to my CA. I was issued a signed certificate which I successfully uploaded into the SonicWall via the blue icon. However, the certificate is not validated.
- You must import your CA’s certificate and, if it is an intermediate CA, import all the certificates in the certificate chain to complete the validation process.
- The local certificate may not be valid yet – check the valid from date on the certificate.
- The local certificate may have expired - check the valid to date on the certificate.
- The SonicWall firewall may have the wrong date and time set internally, causing it to think the certificates are invalid.
- I created a CSR in the SonicWall and exported it to submit to my CA. In the certificate request process what should I select as the server platform?
Apache SSL or Apache. - I have a certificate in my SonicWall SMB SSL-VPN appliance. Can I use the certificate in the SonicWall UTM appliance?
Yes. Export the certificate and the private key from the SMB SSL-VPN appliance. Using a tool like OpenSSL, combine the two into a PKCS#12 file with pfx or p12 extension. Make sure to set a password for the PKCS#12 file. Import the file into the SonicWall. - My SonicWall UTM appliance was reset to factory defaults. I had exported the configuration settings into a file before the reset. However, when I import the settings after the reset I am unable to see my certificate in the certificates page.
Certificates are not exported when settings are exported into a file. It is recommended to export the certificates separately as a back-up. - What are the cryptographic algorithms used in the default SonicWall self-signed certificate?
The self-signed certificate pre-loaded in all latest SonicOS firmwares uses SHA-1 with 2048 bits RSA encryption. - What are the SSL / TLS protocol version supported in the SonicWall management and UTM SSL-VPN?
SonicWall supports SSL 3.0, TLS 1.0 and beginning with SonicOS 6.2, TLS 1.1 and TLS 1.2. - Does the SonicWall support RSASSA-PSS signature algorithm?
There is no RSASSA-PSS support at this time.
Related Articles
- Firewall is not generating syslog packets
- Configuring SNMP in SonicOS
- Why is SonicWall blocking access to websites?
YES
NO