NextGen Knowledge Center

Use a Third-Party Certificate Authority

If it is necessary to use an SSL certificate from a well-known source such as VeriSign or GeoTrust, you can generate a certificate signing request.

  1. Select System > Certificates.
  2. Enter the information that you want to use in the designated fields of the Appliance SSL Certificate form.
  3. Select Generate.
    The window displays a Certificate Signing Request (CSR) that you can copy and use for your certificate order.

    Pay close attention to the required fields and format guidelines as specified by your certificate authority of choice.

    Generate a Certificate Signing Request window

When you receive the new signed SSL certificate from the third-party Certificate Authority, you must prepare a chain file and return to the Appliance SSL Certificate window to upload it to the appliance.

The file you must upload should include your signed certificate followed by any intermediate and root certificates arranged in order from lowest-ranking to highest. To create this file, you can open a text editor and paste the entire body of each certificate into the file in the following order:

  • Your signed certificate
  • The intermediate certificate, if any
  • The root certificate

Make sure to include the beginning and end tags on each certificate. The result should look like this example:

  -----BEGIN CERTIFICATE-----
  (Your signed certificate)
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  (The Intermediate certificate (if any))
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  (The Root certificate)
  -----END CERTIFICATE-----

Save the combined file as chain.pem. Select Browse to select the file from your computer, and then select Upload to apply the new certificate chain. This file replaces the current SSL certificate, and the Appliance SSL Certificate window displays the new certificate information.

Remember that each appliance requires a unique SSL host certificate. Attempts to upload a certificate from another host always fail, even when all of the information matches. Currently, the certificate settings do not affect the closed system of certificates used by the VPN servers.