Chapter 7: Managing Users, Authentication, and Certificates
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
Viewing and Loading CA Certificates
The Trusted Certificates (CA Certificates) table lists the certificates of CAs and contains the
following data:
- CA Identity (Subject Name). The organization or person to whom the certificate is issued.
- Issuer Name. The name of the CA that issued the certificate.
- Expiry Time. The date after which the certificate becomes invalid.
To view the VPN Certificates:
Select VPN > Certificates from the menu. The top section of the Certificates screen displays
the Trusted Certificates (CA Certificates).
When you obtain a self certificate from a CA, you will also receive the CA certificate. In
addition, many CAs make their certificates available on their Websites.
To load a CA certificate into your VPN firewall:
1. Store the CA certificate file on your computer.
2. Under Upload Trusted Certificates in the Certificates menu, click Browse and locate the CA certificate file.
3. Click Upload. The CA Certificate will appear in the Trusted Certificates (CA Certificates) table.
Viewing Active Self Certificates
The Active Self Certificates table on the Certificates screen shows the certificates issued to
you by a CA and available for use.
For each self certificate, the following data is listed:
- Name. The name you used to identify this certificate.
- Subject Name. This is the name that other organizations will see as the holder (owner) of this certificate. This should be your registered business name or official company name. Generally, all of your certificates should have the same value in the Subject field.
- Serial Number. This is a serial number maintained by the CA. It is used to identify the certificate within the CA.
- Issuer Name. The name of the CA that issued the certificate.
- Expiry Time. The date on which the certificate expires. You should renew the certificate before it expires.
Obtaining a Self Certificate from a Certificate Authority
To use a self certificate, you must first request the certificate from the CA, then download and
activate the certificate on your system. To request a self certificate from a CA, you must
generate a Certificate Signing Request (CSR) for your VPN firewall. The CSR is a file
containing information about your company and about the device that will hold the certificate.
Refer to the CA for guidelines on the information you include in your CSR.
To generate a new Certificate Signing Request (CSR) file:
1. Locate the Generate Self Certificate Request section of the Certificates screen.
2. Configure the following fields:
   - Name – Enter a descriptive name that will identify this certificate.
   - Subject – This is the name which other organizations will see as the holder (owner) of the certificate. Since this name will be seen by other organizations, you should use your registered business name or official company name. (Using the same name, or a derivation of the name, in the Title field would be useful.)
   From the drop-down lists, choose the following values:
   - Hash Algorithm: MD5 or SHA2.
   - Signature Algorithm: RSA.
   - Signature Key Length: 512, 1024, 2048. (Larger key sizes may improve security, but may also decrease performance.)
3. Complete the Optional fields, if desired, with the following information:
   - IP Address – If you have a fixed IP address, you may enter it here. Otherwise, you should leave this field blank.
   - Domain Name – If you have an Internet domain name, you can enter it here. Otherwise, you should leave this field blank.
   - E-mail Address – Enter the e-mail address of a technical contact in your organization.
4. Click Generate. A new certificate request is created and added to the Self Certificate Requests table.
5. In the Self Certificate Requests table, click view in the Action column to view the request.
6. Copy the contents of the Data to supply to CA text box into a text file, including all of the data contained from “-----BEGIN CERTIFICATE REQUEST-----” to “-----END CERTIFICATE REQUEST-----”.
7. Submit your certificate request to a CA:
   a. Connect to the website of the CA.
   b. Start the Self Certificate request procedure.
   c. When prompted for the requested data, copy the data from your saved text file (including “-----BEGIN CERTIFICATE REQUEST-----” and “-----END CERTIFICATE REQUEST-----”).
   d. Submit the CA form. If no problems ensue, the certificate will be issued.
8. Store the certificate file from the CA on your computer.
9. Return to the Certificates screen and locate the Self Certificate Requests section.
10. Select the checkbox next to the certificate request, then click Browse and locate the certificate file on your PC.
11. Click Upload. The certificate file will be uploaded to this device and will appear in the Active Self Certificates table.
If you have not already uploaded the CA certificate, do so now, as described in “Viewing and
Loading CA Certificates”. You should periodically check the Certificate Revocation Lists (CRL)
table, as described in “Managing your Certificate Revocation List (CRL)” on this screen.
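The request text copied in step 6 records the Hash Algorithm and Signature Key Length chosen in step 2, so both can be confirmed before the request goes to the CA; MD5 signatures and RSA keys shorter than 2048 bits are no longer considered safe for certificates. The following is an added example, not part of the manual or NETGEAR code: it reads the PKCS #10 structure with the Python standard library only. The names audit_csr and sample_csr and the 2048-bit threshold are assumptions, and sample_csr builds a constructed, unsigned request skeleton purely as demo input.

```python
import base64, re

PKCS1 = bytes.fromhex("2a864886f70d0101")   # OID prefix 1.2.840.113549.1.1
SIG_HASH = {4: "md5", 5: "sha1", 11: "sha256", 12: "sha384", 13: "sha512"}

def read(buf, pos):   # decode the DER element at pos -> (value_start, value_end)
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:      # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return pos, pos + n

def kids(buf, span):  # value spans of the elements nested directly inside span
    pos, out = span[0], []
    while pos < span[1]:
        out.append(read(buf, pos))
        pos = out[-1][1]
    return out

def audit_csr(pem, min_bits=2048):
    """Return (signature hash, RSA modulus bits, findings) for a PEM CSR."""
    m = re.search(r"-+BEGIN CERTIFICATE REQUEST-+(.+?)-+END CERTIFICATE REQUEST-+", pem, re.S)
    if not m:
        raise ValueError("BEGIN/END CERTIFICATE REQUEST lines not found")
    der = base64.b64decode("".join(m.group(1).split()))
    info, sig_alg, _signature = kids(der, read(der, 0))
    s, e = kids(der, sig_alg)[0]             # signatureAlgorithm OID
    hash_ = SIG_HASH.get(der[e - 1], "unknown") if der[s:e - 1] == PKCS1 else "unknown"
    bit_string = kids(der, kids(der, info)[2])[1]   # subjectPKInfo -> key BIT STRING
    ms, me = kids(der, read(der, bit_string[0] + 1))[0]  # skip unused-bits byte -> modulus
    bits = int.from_bytes(der[ms:me], "big").bit_length()
    checks = [(hash_ in ("sha256", "sha384", "sha512"), f"hash {hash_} is not SHA-2"),
              (bits >= min_bits, f"{bits}-bit RSA key is below {min_bits} bits")]
    return hash_, bits, [msg for ok, msg in checks if not ok]

def enc(tag, *parts):  # DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    k = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x80 | k]) + len(body).to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_csr(sig_oid_byte, bits):
    """Constructed CSR skeleton: dummy modulus, empty subject, zero signature."""
    alg = lambda last: enc(0x30, enc(0x06, PKCS1, bytes([last])), enc(0x05))
    key = enc(0x30, enc(0x02, b"\x00" + b"\xc3" * (bits // 8)), enc(0x02, b"\x01\x00\x01"))
    info = enc(0x30, enc(0x02, b"\x00"), enc(0x30), enc(0x30, alg(1), enc(0x03, b"\x00", key)), enc(0xA0))
    raw = enc(0x30, info, alg(sig_oid_byte), enc(0x03, bytes(9)))
    return "-----BEGIN CERTIFICATE REQUEST-----\n%s\n-----END CERTIFICATE REQUEST-----\n" % base64.b64encode(raw).decode()

print(audit_csr(sample_csr(4, 512)))   # constructed MD5 / 512-bit request
```

To check a real request, pass the contents of the saved text file to audit_csr; an empty findings list means the request uses a SHA-2 signature and a key of at least 2048 bits.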
Managing your Certificate Revocation List (CRL)
A CRL (Certificate Revocation List) file shows certificates that have been revoked and are no
longer valid. Each CA issues its own CRLs. It is important that you keep your CRLs
up to date. You should obtain the CRL for each CA regularly. On the Certificates screen, you
can view your currently loaded CRLs and upload a new CRL.
To view your currently loaded CRLs and upload a new CRL:
1. Locate the Certificate Revocation Lists (CRL) table at the bottom of the Certificates screen.
   The CRL table lists your active CAs and their critical release dates:
   - CA Identity – The official name of the CA which issued this CRL.
   - Last Update – The date when this CRL was released.
   - Next Update – The date when the next CRL will be released.
2. Click Browse and locate the CRL file you previously downloaded from a CA.
3. Click Upload. The CRL file is uploaded and the CA Identity appears in the Certificate Revocation Lists (CRL) table. Any previous CA Identity from the same CA is deleted.
