Solved

Internal Certificates for multiple SonicWalls

Posted on 2009-06-27
5
911 Views
Last Modified: 2012-05-07
Noob question.

So I have 16 Sonicwalls on my network, all vpns are setup correctly and everything works as is.  I've been tasked with setting up the Content Filter Service (which I got up and running and working well) Next they want different group access levels, also got this setup and working properly (managers aren't filtered much, lowbies are heavily filtered) but the boss wants user authentication turned up so we can track everything.  Got this working with LDAP integration with my AD no problems there.  But the one problem I have is that all the sonicwalls (PRO 1260s and TZ 170s) are all using self signed certs. So whenever ever any one opens a browser they get the "There is a problem with this website's security certificate.  The security certificate presented by this website was not issued by a trusted certificate authority. " error, I know that you can click "Continue to this website (not recommended). " and everything works fine, but my users freaked out. I know that I could purchase a bunch of certs from a trusted CA, but this is all internal.  Can I setup some sort of internal CA so that I can issue certs to the sonicwalls and have them be trusted by my internal network?

I know very little about certs, I've installed 3rd party certs for my mail and web server, but that's pretty straight forward, I have no idea where to begin looking for a solution to this one.

Any help appreciated.

Cheers,

Brian
0
Comment
Question by:mobious74
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:ComputerTechie
ID: 24729601
Have you tried Tools, Internet Options, Advanced?
In the Security section there is an option "Warn about certificate address mismatch"

CT
0
 

Author Comment

by:mobious74
ID: 24729679
That's one option, but that would require touching each PC. As half of my boxes aren't on the domain (lab boxes) and they're in different cities, I'm hoping for a solution that wouldn't require going to each box.
0
 
LVL 2

Assisted Solution

by:zoltan9992000
zoltan9992000 earned 200 total points
ID: 24729680
Have you tried adding the certificate to your certificate store - add to the Trused Root Certificate Store.

This should stop the message appearing - providing the details on the cert match the details of the server.
0
 
LVL 23

Accepted Solution

by:
ComputerTechie earned 300 total points
ID: 24730279
you can make the changue using gpo if i remember correctly.

CT
0
 

Author Closing Comment

by:mobious74
ID: 31597605
Sorry this took so long, I setup a Microsoft CA server and pushed it to the Trusted Root using GPO and on the machines that are not on the domain I manually added them to the Trusted Root...thanx all.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question