Ask a Question

Advanced Search

Solution ID : SO22365

Last Modified : 05/02/2018

Managed PKI for SSL - Installation Instructions for SonicWall SSL VPN Appliance

Solution


This document provides installation instructions for SonicWALL VPN Appliance. If you are unable to use these instructions for your server, Symantec recommends that you contact the server vendor or the organization, which supports SonicWALL.

Step 1: Obtain and Install the SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with a certificate download link, alsoattached (cert.cer), as well as in the body of the email itself.
  2. Copy the certificate, imbedded in the body of the email and paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file.

    The text file should look like:

    -----BEGIN CERTIFICATE-----
              [encoded data]
    -----END CERTIFICATE-----

    NOTE: Click here to download the certificate from your Managed PKI for SSL subscriber services page.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
     
  3. Save the file as server.crt.
  4. Create a zipped file, that should contain a certificate file named server.crt and a certificate key file named server.key. The key and certificate must be at the root of the zip, or the zipped file will not be uploaded.
  5. Navigate to the System > Certificates page.


     
  1. Click Import Certificate. The Import Certificate dialog box is displayed.


     
  2. Click Browse.
  3. Locate the zipped file that contains the private key and ssl certificate on your disk or network drive and select it. Any filename will be accepted, but it must have the .zip extension.
  4. Click Upload.
  5. Once the certificate has been uploaded, the certificate will be displayed in the Certificates list in the System > Certificates page.
    NOTE: Private keys may required a password.
     

Step 2: Download and Install the Intermediate CA certificate

  1. Download the Intermediate CA certificates from this link.
  2. Select the Managed PKI for SSL tab.
  3. Select the appropriate Intermediate CA certificate based on your SSL certificate product type.
    NOTE: To check which certificate type you have purchased, follow the steps from this link.
  4. Copy the Intermediate CA certificate and paste it on a Notepad or Vi document.
  5. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
  6. Save the file as intermediate.crt.
    NOTE: The intermediate.crt on your disk or network drive must be a zipped file. Any filename will be accepted,
    but it must have the “.zip” extension.The zipped file should contain the intermediate bundle certificate file
    (e.g. intermediate.crt). The certificate must be at the root of the zip, or the zipped file will not be uploaded
  7. Navigate to the System > Certificates page.
  8. Click Import Certificate in the Additional CA Certificates section. The Import Certificate dialog box is displayed.
  9. Click Browse.
  10. Locate the zipped file that contains the intermediate.crt on your disk or network drive and select it.
  11. Click Upload.
  12. Once the certificate has been uploaded, the certificate will be displayed in the Certificates list in the System > Certificates page.
  13. The web server needs to be restarted with the new certificate included in the Intermediate CA certificate.


Step 3: View Certificate and Certificate Authority (CA) Issuer Information

         NOTE: The Current Certificates table in System > Certificates lists the currently loaded SSL certificates.

  1. Click the configure icon for the certificate. The Edit Certificate dialog box is displayed showing issuer and certificate subject information.
  2. From the Edit Certificate dialog box, you may view the issuer and certificate subject information.
  3. Update the certificate common name by entering the correct IP address or string in the Common Name field.
  4. Click Submit to submit changes.
  5. You may also delete an expired or incorrect certificate. Delete the certificate by clicking the Delete button.
    NOTE:  A certificate that is currently active cannot be deleted. To delete a certificate, upload and activate another SSL certificate, then delete the inactive certificate from View Certificate window.
  6. Verify your installation with the Symantec Installation Checker

     

 

          For more information refer to SonicWall support.