SonicWALL Internet Security Appliances User Manual


Page 218 SonicWALL Internet Security Appliance Administrator’s Guide

Importing Certificate with private key

After a certificate is signed by the CA and returned to you, you can import the certificate into the
SonicWALL to be used as a Local Certificate for a VPN Security Association. Use the following steps
to import the certificate into the SonicWALL:
1. In the Import Certificate with private key section of Local Certificates, enter the Certificate Name.
2. Enter the Certificate Management Password. This password was created when you exported your signed certificate.

3. Use Browse to locate the certificate file.
4. Click Import, and the certificate appears in the list of Current Certificates.
5. To view details about the certificate, select it from the list of Current Certificates.

Certificate Details

Both Certificate Requests and validated Certificates appear in the list of Current Certificates. The
Certificate Details section lists the same information as the CA Certificate Details section, but a
Status entry now appears in the details. If a certificate is valid and ready to be used with a VPN
Security Association, the Status is Verified. If the certificate is not signed by the CA, the Status is
Request Generated. You can also import the corresponding Signed Certificate in this section.
Additionally, Certificate Signing Requests can be exported and deleted in the Certificate Details
section of a Request Generated certificate.

Certificate Revocation List (CRL)

A Certificate Revocation List (CRL) is a way to check the validity of an existing certificate. A certificate
may be invalid for several reasons:

It is no longer needed.

A certificate was stolen or compromised.

A new certificate was issued that takes precedence over the old certificate.

If a certificate is invalid, the CA may publish the certificate on a Certificate Revocation List at a given
interval, or on an online server in an X.509 v3 database using Online Certificate Status Protocol
(OCSP). Consult your CA provider for specific details on locating a CRL file or URL.

Tip: The SonicWALL supports obtaining the CRL via HTTP or manually downloading the list.

You can import the CRL by locating the URL and then importing it into the SonicWALL. Certificates
are checked against the CRL by the SonicWALL for validity when they are used.
You can also enter a URL location of the CRL by entering the address in the Enter CRL’s location for
this CA (URL) field. The CRL is downloaded automatically at intervals determined by the CA service.
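
To see what a CRL check does outside the appliance, the following added example (not from the SonicWALL guide, and not the appliance's own logic) uses the OpenSSL command line to build a throwaway CA, revoke one of two certificates, and check both against the published CRL. The CA name, file names and the use of OpenSSL are assumptions made for the demonstration.

```shell
# Constructed demo PKI (not SonicWALL code): a throwaway CA issues "good" and
# "stolen", revokes "stolen" for key compromise, and publishes a CRL.
make_demo_pki() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Demo CA" -keyout ca.key -out ca.pem || exit 1
    for n in good stolen; do
      openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=$n" -keyout "$n.key" -out "$n.csr" || exit 1
      openssl ca -batch -config ca.cnf -days 30 -in "$n.csr" -out "$n.pem" || exit 1
    done
    openssl ca -config ca.cnf -revoke stolen.pem -crl_reason keyCompromise &&
    openssl ca -config ca.cnf -gencrl -out crl.pem
  ) >/dev/null 2>&1
}

# Print "verified", "revoked" or "error" for certificate $2 in PKI directory $1.
crl_status() {
  out=$(openssl verify -crl_check -CAfile "$1/ca.pem" -CRLfile "$1/crl.pem" \
        "$1/$2.pem" 2>&1) && { echo verified; return; }
  case $out in *"certificate revoked"*) echo revoked ;; *) echo error ;; esac
}

demo=$(mktemp -d) && make_demo_pki "$demo" &&
for c in good stolen; do echo "$c: $(crl_status "$demo" "$c")"; done
```

The "error" result covers cases such as a missing or expired CRL, where a revocation check cannot be completed and the certificate should not be treated as verified.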
