Solved

Sonicwall HTTPS Certificate

Posted on 2013-12-11
Last Modified: 2013-12-11
Have received this report upon authorized scanning of host for PCI compliance test. We have Sonicwall firewall NSA2400 with up to date firmware. It is saying we need to update the HTTPS certificate issued by Sonicwall to get the SHA-1 signature algorithm for security hash function. How is this done?
0
Question by:cebu1014
LVL 17

Expert Comment

by:TimotiSt
ID: 39711916
Most network devices come with pre-installed (and fairly useless for actual security) certificates.
You can get certificates from SSL vendors (cheap example is godaddy.com), and install it in your device. Make sure to request the certificate for the name you'll actually use (www.something.com, vpn.somethingelse.com, etc.).

Tamas
0
 
LVL 26

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39712166
Hi cebu1014,

Here is a step-by-step on how to set up your SSL Cert on the SonicWALL.

NOTE: SonicOS firmwares until 5.9.0.0 support only MD5 and SHA1 certificates. SonicOS 5.9.0.0 and above support SHA1, SHA256 & SHA512. Your SonicWALL's latest SonicOS release is SonicOS 5.9.0.2.107o, and I would recommend upgrading to that if you haven't already.

In order for a device certificate to be validated, the CA (Certificate Authority) certificate should be installed on the SonicWALL device. Some third party public CA may have a subordinate CA which issues certificates to the end users. To validate the device certificate the certificate chain needs to be installed, see (Screenshot 1).

[Screenshot 1: Certificate Path]

Procedure to install the GoDaddy Certificate in SonicWALL device:
The below steps are common for any other Public CA also, not only for GoDaddy.
 
NOTE: Before assigning the imported certificate to the SonicWALL web administration, back up the current settings from the System > Settings > Export Settings button.

1. Option 1: Generate a CSR (Certificate Signing Request) from the SonicWALL device

Prior to generating a CSR from the SonicWALL device, you need to install the Root CA and intermediate CA certificate from GoDaddy web site.

1. Access https://certs.godaddy.com/anonymous/repository.seam and download/install the gd-class2-root.crt & gd_intermediate.crt or gd_bundle.crt certificates to the SonicWALL device.
2. Generate a CSR from the SonicWALL device. Logon to the SonicWALL device as admin.
3. Go to System > Certificates > Select the "Imported Certificates" button.
4. Click on the "New Signing Request" button.
5. A new CSR window will open up, fill in the details and hit the ‘Generate’ button.
6. On the main window, it’ll show you the status of the CSR as "Pending Request".
7. Click on the download button for that CSR.
8. Download and save it to the computer, it’s a .p10 file.
9. Submit this file to the GoDaddy CA and get the certificate signed as Web server ‘Apache’.
10. After getting a signed certificate, you can import the same certificate to the ‘Pending Request’ import button.
11. In presence of Root CA and intermediate CA certificate, the SonicWALL device should show this certificate as ‘Local’, and ‘Validated’.

2. Option 2: Import a pfx format certificate to the SonicWALL device

For this method also you need to first install the Root CA and Intermediate CA certificate from GoDaddy web site.

1. You can generate a CSR from any other web server or a network device and import it in pfx format (including the Private Key associated with that certificate).
2. Go to System > Certificates > Select the "Imported Certificates" button.
3. Click on the "Import" button.
4. Supply a name to the certificate (this is just for local identification), certificate password, and the path the certificate is to be imported from.
5. Hit the ‘Import’ button.
6. In presence of Root CA and intermediate CA certificate, the SonicWALL device should show this certificate as ‘Local’, and ‘Validated’.

Assigning the imported certificate to the SonicWALL web administration:

1. Export the existing settings from System > Settings page (click on the "Export settings" button).
2. Go to System > Administration > Web Management Settings > under Certificate Selection, select the recently imported certificate and hit the Apply/Accept button on the top.
3. Log out from the web administration, close the browser window and log back in to check the certificate error.
4. Sometimes you may need to restart the SonicWALL device.
Let me know if you have any questions!
0
 

Author Comment

by:cebu1014
ID: 39713332
Great information. Thank you.
We are using 5.8.xxx version of firmware. To be PCI compliant we need to use SHA-1 not MD5 for the cryptographic hash function.
If updating to 5.9 and above is all that we need to eliminate the MD5 from being used, then I will update and it is an easier step to see if it is a resolution to the problem.
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39713357
Terrific. Glad I could help and thanks for the points!
0
