Creating a certificate signing request – SonicWALL Internet Security Appliances User Manual
Page 218
SonicWALL VPN Page 219
Creating a Certificate Signing Request
To create a certificate for use with a VPN SA, follow these steps:
Tip! You should create a Certificate Policy to used in conjunction with local certificates. A Certificate
Policy determines the authentication requirements and the authority limits required for the
validation of a certificate.
1. Click VPN, then Local Certificates.
2. In the Generate Certificate Signing Request section, enter a name for the certificate in the
Certificate Name field. Using the drop down menus, enter information for the certificate
request. As you enter information in the Request fields, the Distinguished Name (DN) is created.
You may also attach an optional Subject Alternative Name to the certificate such as the Domain
Name or E-mail Address.
3. The Subject Key type is preset as an RSA algorithm. RSA is a public key cryptographic algorithm
used for encrypting data.
4. Select a Subject Key size from the from the Subject Key Size menu.
5. Not all key sizes are supported by a Certificate Authority, therefore you should check with your
Certificate Authority for supported key sizes.
6. Click Generate to create a certificate file.
7. Once the Certificate Signing Request is generated, a message describing the result is displayed.
8. Click Export to download the file to your computer, and then click Save to save it to a directory
on your computer.
9. Now that you have generated the Certificate Request, you can send it to your CA service for
validation.
Importing a Signed Local Certificate
When the CA service returns the signed certificate request generated locally, import it into the
SonicWALL using the following steps:
1. In the Current Certificates section of Local Certificates, select the corresponding request from
the Certificates menu.
2. Click Browse, and select the *.der from the Choose File dialogue box.
3. Click Import Certificate.
4. The certificate is now updated to Verified, and you can now use it for a VPN SA using a third party
certificate.