Chapter 22 Kerio Clientless SSL-VPN
356
Click Advanced to open a dialog where port and SSL certificate for SSL-VPN can be set.
Figure 22.2 Setting of TCP port and SSL certificate for SSL-VPN
SSL-VPN’s default port is port 443 (standard port of the HTTPS service).
Click Change SSL Certificate to create a new certificate for the SSL-VPN service or to
import a certificate issued by a trustworthy certification authority. When created, the
certificate is saved as sslvpn.crt and the corresponding private key as sslvpn.key.
The process of creating/importing a certificate is identical as the one for WinRoute’s
interface or the VPN server, addressed in detail in chapter
9.1.
HINT: Certificates for particular server name issued by a trustworthy certification au-
thority can also be used for the Web interface and the VPN server — it is not necessary
to use three different certificates.
Allowing access from the Internet
Access to the SSL-VPN interface from the Internet must be allowed by defining a traffic
rule allowing connection to the firewall’s HTTPS service.
Figure 22.3 Traffic rule allowing connection to the SSL-VPN interface
