NETGEAR SRX5308-100NAS Switch User Manual


 
Manage Users, Authentication, and VPN Certificates
314
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
both the IPSec VPN certificate repository and the SSL VPN certificate repository. However, if the defined purpose is for IPSec VPN only, the certificate is uploaded only to the IPSec VPN certificate repository.
The VPN firewall uses digital certificates to authenticate connecting VPN gateways or clients, and to be authenticated by remote entities. A digital certificate that authenticates a server, for example, is a file that contains the following elements:
• A public key. Clients use it to encrypt messages to the server, or to check signatures the server produces; only the holder of the matching private key can decrypt those messages or produce those signatures.
• Information identifying the operator of the server.
• A digital signature confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party whose identity can be verified.
You can obtain a digital certificate from a well-known commercial certification authority (CA) such as Verisign or Thawte, or you can generate and sign your own digital certificate. Because a commercial CA takes steps to verify the identity of an applicant before signing, a digital certificate from a commercial CA provides strong assurance of the server's identity. A self-signed digital certificate is signed with the server's own private key, so it proves only that the presenter holds that key, not who the presenter is; anyone can generate a self-signed certificate carrying the same name. For that reason most browsers warn on a self-signed certificate: it provides no protection against an impostor claiming to be the server.
The VPN firewall ships with a self-signed digital certificate from NETGEAR. This certificate can be downloaded from the VPN firewall login screen for browser import. Before you import it into a browser's trust store, confirm its fingerprint through a channel you trust; once imported, the browser trusts whatever was downloaded, including a certificate substituted by someone on the network path. NETGEAR recommends that you replace this digital certificate with a digital certificate from a well-known commercial CA before deploying the VPN firewall in your network.
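The distinction drawn above between a CA-issued certificate and a self-signed one, and the CSR-based workflow the Certificates screen supports, can be reproduced with the openssl command line. The script below is an added example, not from the NETGEAR manual or from NETGEAR's own tooling; it assumes the openssl CLI (1.1.1 or later) is installed, and the names Example Lab Root CA, Example Corp and vpn.example.com are made up for the demonstration. It builds a private CA, a device key and CSR, a CA-signed device certificate, and a self-signed certificate for the same key, then validates both certificates against the CA's trust store and prints the fields that tell them apart.

```shell
#!/bin/sh
# Added example (not from the NETGEAR manual). Requires the openssl CLI,
# version 1.1.1 or later. All names below are made up for the demonstration.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Minimal OpenSSL config so the script does not depend on the system's
# openssl.cnf. The empty [dn] section is required by "req"; subjects are
# supplied with -subj instead.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
subjectAltName = DNS:vpn.example.com
EOF

# Private CA: itself self-signed, but explicitly marked CA:TRUE so verifiers
# accept certificates it signs once they decide to trust it.
make_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$WORK/openssl.cnf" -extensions ca_ext \
        -subj "/CN=Example Lab Root CA/O=Example Corp" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
}

# Device key plus CSR: the CSR carries the public key and the identifying
# information; the private key stays with the device.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$WORK/openssl.cnf" \
        -subj "/CN=vpn.example.com/O=Example Corp" \
        -keyout "$WORK/device.key" -out "$WORK/device.csr" >/dev/null 2>&1
}

# The CA signs the CSR. Its signature is the "signature from a trusted third
# party" element of the resulting certificate.
sign_csr() {
    openssl x509 -req -sha256 -days 365 -in "$WORK/device.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/openssl.cnf" -extensions leaf_ext \
        -out "$WORK/device.crt" >/dev/null 2>&1
}

# Self-signed certificate for the same device key: issuer equals subject and
# the signature comes from the device's own key, so nobody vouches for the name.
make_selfsigned() {
    openssl req -x509 -new -key "$WORK/device.key" -sha256 -days 365 \
        -config "$WORK/openssl.cnf" -extensions leaf_ext \
        -subj "/CN=vpn.example.com/O=Example Corp" \
        -out "$WORK/selfsigned.crt" >/dev/null 2>&1
}

# Chain validation: returns 0 only if $2 chains to a certificate in the
# trust store $1 (what a browser or VPN peer does with its CA list).
verify_with_store() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Issuer and subject as printed by openssl; equal for a self-signed certificate.
issuer_of()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer=//'; }
subject_of() { openssl x509 -in "$1" -noout -subject | sed 's/^subject=//'; }

# SHA-256 fingerprint: the value to compare out of band before trusting a
# certificate you obtained over the network.
fingerprint_of() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

run_demo() {
    make_ca; make_csr; sign_csr; make_selfsigned
    for c in device.crt selfsigned.crt; do
        if verify_with_store "$WORK/ca.crt" "$WORK/$c"; then r=OK; else r=FAIL; fi
        printf '%s\n  issuer:   %s\n  verify against ca.crt: %s\n  sha256:   %s\n' \
            "$c" "$(issuer_of "$WORK/$c")" "$r" "$(fingerprint_of "$WORK/$c")"
    done
}

run_demo
```

Only device.crt verifies against ca.crt; selfsigned.crt fails for the same reason a browser warns on it, and it would verify only if you passed selfsigned.crt itself as the trust store, which is exactly what importing a self-signed certificate into a browser does. The issuer field is how you tell the two apart, and the fingerprint is what you compare through a trusted channel before importing either. In terms of the Certificates screen, device.csr corresponds to the CSR the VPN firewall generates, device.crt to the certificate you upload in return, and ca.crt to the CA certificate that belongs in the Trusted Certificates (CA Certificate) table.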
VPN Certificates Screen
To display the Certificates screen, select VPN > Certificates. Because of the large size of this screen, and because of the way the information is presented, the Certificates screen is divided and presented in this manual in three figures (Figure 208 on page 315, Figure 210 on page 317, and Figure 212 on page 320).
The Certificates screen lets you view the currently loaded digital certificates, upload a new digital certificate, and generate a certificate signing request (CSR). The VPN firewall typically holds two types of digital certificates:
• CA certificates. Each CA issues its own digital certificate to validate communication with the CA and to verify the validity of digital certificates that are signed by the CA.
• Self certificates (this manual also calls them self-signed certificates). The digital certificates that identify your device. You generate a CSR on the VPN firewall and a CA signs it; strictly, such a certificate is CA-signed rather than self-signed, because the signature comes from the CA and not from the device's own key.
The Certificates screen contains four tables that are explained in detail in the following sections:
• Trusted Certificates (CA Certificate) table. Contains the trusted digital certificates that were issued by CAs and that you uploaded (see Manage VPN CA Certificates on this page).
• Active Self Certificates table. Contains the device certificates (called self-signed certificates in this manual) that were issued to you by CAs and that you uploaded (see Manage VPN Self-Signed Certificates on page 316).