ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
8-10
Managing Users, Authentication, and Certificates
v1.0, October 2008
Serial Number. This is a serial number maintained by the CA. It is used to identify the certificate within the CA.
Issuer Name. The name of the CA that issued the certificate.
Expiry Time. The date on which the certificate expires. You should renew the certificate before it expires.
Obtaining a Self Certificate from a Certificate Authority
To use a self certificate, you must first request the certificate from the CA, then download and
activate the certificate on your system. To request a self certificate from a CA, you must generate a
Certificate Signing Request (CSR) for your firewall. The CSR is a file containing information
about your company and about the device that will hold the certificate. Refer to the CA for
guidelines on the information you include in your CSR.
To generate a new Certificate Signing Request (CSR) file:
1. Locate the Generate Self Certificate Request section of the Certificates screen.
2. Configure the following fields:
   Name – Enter a descriptive name that will identify this certificate.
   Subject – This is the name which other organizations will see as the holder (owner) of the certificate. Since this name will be seen by other organizations, you should use your registered business name or official company name. (Using the same name, or a derivation of the name, in the Title field would be useful.)
   From the pull-down menus, choose the following values:
   Hash Algorithm: MD5 or SHA2.
   Signature Algorithm: RSA.
   Signature Key Length: 512, 1024, 2048. (Larger key sizes may improve security, but may also decrease performance.)
3. Complete the Optional fields, if desired, with the following information:
   IP Address – If you have a fixed IP address, you may enter it here. Otherwise, you should leave this field blank.
   Domain Name – If you have an Internet domain name, you can enter it here. Otherwise, you should leave this field blank.
   E-mail Address – Enter the e-mail address of a technical contact in your organization.
4. Click Generate. A new certificate request is created and added to the Self Certificate Requests table.
Figure 8-11
Figure 8-12
5. In the Self Certificate Requests table, click View under the Action column to view the request.
6. Copy the contents of the Data to supply to CA text box into a text file, including all of the data contained from “----BEGIN CERTIFICATE REQUEST---” to “---END CERTIFICATE REQUEST---”.
7. Submit your certificate request to a CA:
   a. Connect to the website of the CA.
   b. Start the Self Certificate request procedure.
   c. When prompted for the requested data, copy the data from your saved text file (including “----BEGIN CERTIFICATE REQUEST---” and “---END CERTIFICATE REQUEST”).
   d. Submit the CA form. If no problems occur, the certificate will be issued.
8. Store the certificate file from the CA on your computer and back up the certificate file from the CA in another location.
9. Return to the Certificates screen and locate the Self Certificate Requests section.
Figure 8-13
Figure 8-14
10. Select the checkbox next to the certificate request, then click Browse and locate the certificate file on your PC.
11. Click Upload. The certificate file will be uploaded to this device and will appear in the Active Self Certificates list.

If you have not already uploaded the CA certificate, do so now, as described in “The top section of the Certificates screen displays the Trusted Certificates (CA Certificates).” on page 8-9. You should also periodically check your CA’s Certificate Revocation List, as described in “Managing your Certificate Revocation List (CRL)” on page 8-13.
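A check for steps 6 and 7c, where the request must be copied complete with its BEGIN and END lines. This is an added example, not part of the manual or the firewall's firmware. It assumes the standard PEM markers with five dashes on each side; `check_csr_text`, `der_declared_size` and `make_sample` are hypothetical names, and the sample is a constructed placeholder rather than a real request.

```python
import base64
import re

# Assumed standard PEM armour for a PKCS#10 request (five dashes on each side).
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE REQUEST-----\s+(.*?)\s+-----END CERTIFICATE REQUEST-----",
    re.S,
)

def der_declared_size(der):
    """Total size (header + content) that the outer DER element claims to have."""
    first = der[1]
    if first < 0x80:                     # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                     # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_csr_text(text):
    """Return 'ok', or the reason the saved CSR text should not be sent to the CA."""
    m = PEM_RE.search(text)
    if not m:
        return "missing BEGIN/END CERTIFICATE REQUEST line"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:                   # binascii.Error is a ValueError
        return "body is not valid base64"
    if len(der) < 2 or der[0] != 0x30:   # a CSR is an ASN.1 SEQUENCE
        return "decoded data is not a DER SEQUENCE"
    if der_declared_size(der) != len(der):
        return "length mismatch: lines were lost or added while copying"
    return "ok"

def make_sample():
    """Constructed placeholder (not a real request): a SEQUENCE of 300 zero bytes."""
    der = b"\x30\x82" + (300).to_bytes(2, "big") + bytes(300)
    body = base64.encodebytes(der).decode()
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + body +
            "-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    sample = make_sample()
    lines = sample.splitlines()
    print(check_csr_text(sample))                            # complete paste
    print(check_csr_text("\n".join(lines[:-1])))             # END line left out
    print(check_csr_text("\n".join(lines[:2] + lines[3:])))  # one body line lost
```

The check confirms only that the pasted block is structurally complete; it does not verify the request's signature or contents.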
Managing your Certificate Revocation List (CRL)
A CRL file shows certificates that have been revoked and are no longer valid. Each CA issues its own CRLs. It is important that you keep your CRLs up-to-date. You should obtain the CRL for each CA regularly.
In the Certificates menu, you can view your currently-loaded CRLs and upload a new CRL.
To view and upload CRLs:
1. Select VPN > Certificates from the main/submenu. The Certificates menu will display showing the Certificate Revocation Lists (CRL) table at the bottom of the screen.
   The CRL table lists your active CAs and their critical release dates:
   CA Identity – The official name of the CA which issued this CRL.
   Last Update – The date when this CRL was released.
   Next Update – The date when the next CRL will be released.
2. Click Browse and locate the CRL file you previously downloaded from a CA.
3. Click Upload. The CRL file will be uploaded and the CA Identity will appear in the Certificate Revocation Lists (CRL) table. If you had a previous CA Identity from the same CA, it will be deleted.
Figure 8-15