Internal Certificates for multiple SonicWalls

Noob question.

So I have 16 Sonicwalls on my network, all vpns are setup correctly and everything works as is.  I've been tasked with setting up the Content Filter Service (which I got up and running and working well) Next they want different group access levels, also got this setup and working properly (managers aren't filtered much, lowbies are heavily filtered) but the boss wants user authentication turned up so we can track everything.  Got this working with LDAP integration with my AD no problems there.  But the one problem I have is that all the sonicwalls (PRO 1260s and TZ 170s) are all using self signed certs. So whenever ever any one opens a browser they get the "There is a problem with this website's security certificate.  The security certificate presented by this website was not issued by a trusted certificate authority. " error, I know that you can click "Continue to this website (not recommended). " and everything works fine, but my users freaked out. I know that I could purchase a bunch of certs from a trusted CA, but this is all internal.  Can I setup some sort of internal CA so that I can issue certs to the sonicwalls and have them be trusted by my internal network?

I know very little about certs, I've installed 3rd party certs for my mail and web server, but that's pretty straight forward, I have no idea where to begin looking for a solution to this one.

Any help appreciated.

Cheers,

Brian
mobious74Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ComputerTechieCommented:
Have you tried Tools, Internet Options, Advanced?
In the Security section there is an option "Warn about certificate address mismatch"

CT
0
mobious74Author Commented:
That's one option, but that would require touching each PC. As half of my boxes aren't on the domain (lab boxes) and they're in different cities, I'm hoping for a solution that wouldn't require going to each box.
0
zoltan9992000Commented:
Have you tried adding the certificate to your certificate store - add to the Trused Root Certificate Store.

This should stop the message appearing - providing the details on the cert match the details of the server.
0
ComputerTechieCommented:
you can make the changue using gpo if i remember correctly.

CT
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mobious74Author Commented:
Sorry this took so long, I setup a Microsoft CA server and pushed it to the Trusted Root using GPO and on the machines that are not on the domain I manually added them to the Trusted Root...thanx all.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.