• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 916
  • Last Modified:

Internal Certificates for multiple SonicWalls

Noob question.

So I have 16 Sonicwalls on my network, all vpns are setup correctly and everything works as is.  I've been tasked with setting up the Content Filter Service (which I got up and running and working well) Next they want different group access levels, also got this setup and working properly (managers aren't filtered much, lowbies are heavily filtered) but the boss wants user authentication turned up so we can track everything.  Got this working with LDAP integration with my AD no problems there.  But the one problem I have is that all the sonicwalls (PRO 1260s and TZ 170s) are all using self signed certs. So whenever ever any one opens a browser they get the "There is a problem with this website's security certificate.  The security certificate presented by this website was not issued by a trusted certificate authority. " error, I know that you can click "Continue to this website (not recommended). " and everything works fine, but my users freaked out. I know that I could purchase a bunch of certs from a trusted CA, but this is all internal.  Can I setup some sort of internal CA so that I can issue certs to the sonicwalls and have them be trusted by my internal network?

I know very little about certs, I've installed 3rd party certs for my mail and web server, but that's pretty straight forward, I have no idea where to begin looking for a solution to this one.

Any help appreciated.

Cheers,

Brian
0
mobious74
Asked:
mobious74
  • 2
  • 2
2 Solutions
 
ComputerTechieCommented:
Have you tried Tools, Internet Options, Advanced?
In the Security section there is an option "Warn about certificate address mismatch"

CT
0
 
mobious74Author Commented:
That's one option, but that would require touching each PC. As half of my boxes aren't on the domain (lab boxes) and they're in different cities, I'm hoping for a solution that wouldn't require going to each box.
0
 
zoltan9992000Commented:
Have you tried adding the certificate to your certificate store - add to the Trused Root Certificate Store.

This should stop the message appearing - providing the details on the cert match the details of the server.
0
 
ComputerTechieCommented:
you can make the changue using gpo if i remember correctly.

CT
0
 
mobious74Author Commented:
Sorry this took so long, I setup a Microsoft CA server and pushed it to the Trusted Root using GPO and on the machines that are not on the domain I manually added them to the Trusted Root...thanx all.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now