Solved

OpenSSL | PKI | Watchguard

Posted on 2010-09-16
Last Modified: 2012-05-10
I need to generate a private key using OpenSSL for my WatchGuard Firebox, but what I don't understand is how does the box know what the private key is? It's being generated by an external program (OpenSSL).

Can someone explain to me how you tell the device what the private key is?

My SSL 100 box wants a server certificate and a client certificate. The older version of the box used to generate the CSR for you and it was much more straightforward.

Any help would be appreciated.
Question by:beaconlightboy
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 33702615
For the SSL 100 using version 3.1 (which appears to be the current version) here are the instructions:
http://www.watchguard.com/help/docs/ssl/3/en-US/v3_1_WG_SSL_WebUI_UserGuide.pdf

See printed page 300, Adobe page 312 - it seems to walk you through the whole process.  Let me know what step you are getting hung up on if you are having issues with what they are presenting.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 33702634
The server cert is for hosting the SSL session.  If you need to connect to another box where client certificate authentication is being used for some purpose then you would create a client cert as directed.
0
 
LVL 3

Author Comment

by:beaconlightboy
ID: 33703523
Well, I read this, it is identical to the help file. Where I'm getting lost is how the box knows what the private key is. If you generate a private key, then submit it, you don't get the private key back in the request. So when you add the public key to the box, how does it know what its private key is?
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 2000 total points
ID: 33729339
The private key is generated as the first step in the OpenSSL procedure, just before creating the CSR file:
openssl genrsa -out wgnet.key 1024

wgnet.key is the private key (you can call this whatever you want)

Then you create the CSR and get your cert issued from the CA.

Sounds like you need to convert the private key to PKCS #8 format - this is not very commonly done but there are a few products that require it:
openssl pkcs8 -topk8 -in wgnet.key -out wgnet.pk8

Then you import the CA certs one at a time, from the root down, then you go to a screen where you import the issued cert and the PKCS #8 formatted private key in the same step - see printed page 304 / Adobe page 316 for a screenshot under #3.

Hopefully this answers your question...
0
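
The sequence from the accepted answer as a runnable sketch, with a check that the private key, the CSR and the issued certificate all carry the same public key before anything is imported (an added example, not part of the thread). The throwaway local CA, the subject names and the helper functions `pub_digest`, `same_pubkey` and `make_demo` are constructed for illustration; it uses a 2048-bit key, and `-nocrypt` only so that it runs without a passphrase prompt.

```shell
#!/bin/sh
# Added example: key -> CSR -> certificate -> PKCS #8, then a pairing check.
# All subjects and the CA below are constructed test values.

# SHA-256 of the DER-encoded public key inside a private key, CSR or cert.
pub_digest() {  # $1 = key|csr|cert   $2 = file
    pem=$(case "$1" in
        (key)  openssl pkey -in "$2" -pubout ;;
        (csr)  openssl req  -in "$2" -noout -pubkey ;;
        (cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null) && [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when both files hold the same public key.
same_pubkey() {  # $1 $2 = kind, file   $3 $4 = kind, file
    a=$(pub_digest "$1" "$2") && b=$(pub_digest "$3" "$4") && [ "$a" = "$b" ]
}

make_demo() {  # $1 = existing output directory
    d=$1
    # 1. The private key is created locally and never leaves this machine.
    openssl genrsa -out "$d/wgnet.key" 2048 2>/dev/null || return 1
    # 2. The CSR holds only the public key and subject, signed by the key.
    openssl req -new -key "$d/wgnet.key" -subj "/CN=vpn.example.test" \
        -out "$d/wgnet.csr" || return 1
    # 3. A constructed throwaway CA stands in for the real issuer.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -subj "/CN=Constructed Test CA" -days 1 -out "$d/ca.crt" \
        2>/dev/null || return 1
    openssl x509 -req -in "$d/wgnet.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/wgnet.crt" 2>/dev/null || return 1
    # 4. Same key, re-encoded as PKCS #8 for the import screen.
    openssl pkcs8 -topk8 -nocrypt -in "$d/wgnet.key" -out "$d/wgnet.pk8"
}

# Stand-alone run: build the files, verify the pairing, clean up.
dir=$(mktemp -d) && make_demo "$dir" &&
    same_pubkey key "$dir/wgnet.pk8" csr  "$dir/wgnet.csr" &&
    same_pubkey key "$dir/wgnet.pk8" cert "$dir/wgnet.crt" &&
    echo "private key, CSR and certificate share one public key"
rm -rf "$dir"
```

The certificate that comes back from the CA contains only the public half, so the device can use it only when the matching private key file is imported with it; a digest mismatch here means the wrong key file is about to be uploaded.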
