Solved

Sonicwall HTTPS Certificate

Posted on 2013-12-11
Last Modified: 2013-12-11
Have received this report upon authorized scanning of host for PCI compliance test. We have Sonicwall firewall NSA2400 with up-to-date firmware. It is saying we need to update the HTTPS certificate issued by Sonicwall to get the SHA-1 signature algorithm for security hash function. How is this done?
Question by:cebu1014
LVL 17

Expert Comment

by:TimotiSt
ID: 39711916
Most network devices come with pre-installed (and fairly useless for actual security) certificates.
You can get certificates from SSL vendors (a cheap example is godaddy.com), and install them in your device. Make sure to request the certificate for the name you'll actually use (www.something.com, vpn.somethingelse.com, etc.).

Tamas
0
 
LVL 25

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39712166
Hi cebu1014,

Here is a step-by-step on how to setup your SSL Cert on the SonicWALL.

NOTE: SonicOS firmwares until 5.9.0.0 support only MD5 and SHA1 certificates. SonicOS 5.9.0.0 and above support SHA1, SHA256 & SHA512. Your SonicWALL's latest SonicOS release is SonicOS 5.9.0.2.107o, and I would recommend upgrading to that if you haven't already.

In order for a device certificate to be validated, the CA (Certificate Authority) certificate should be installed on the SonicWALL device. Some third-party public CAs may have a subordinate CA which issues certificates to the end users. To validate the device certificate, the certificate chain needs to be installed; see Screenshot 1 (Certificate Path).

Procedure to install the GoDaddy Certificate in SonicWALL device:
The below steps are common for any other Public CA also, not only for GoDaddy.
 
NOTE: Before assigning the imported certificate to the SonicWALL web administration, back up the current settings using the System > Settings > Export Settings button.

1. Option 1: Generate a CSR (Certificate Signing Request) from the SonicWALL device

Prior to generating a CSR from the SonicWALL device, you need to install the Root CA and intermediate CA certificate from GoDaddy web site.

1. Access https://certs.godaddy.com/anonymous/repository.seam and download/install the gd-class2-root.crt & gd_intermediate.crt or gd_bundle.crt certificates to the SonicWALL device.
2. Generate a CSR from the SonicWALL device. Logon to the SonicWALL device as admin.
3. Go to System > Certificates > Select the "Imported Certificates" button.
4. Click the "New Signing Request" button.
5. A new CSR window will open up, fill in the details and hit the ‘Generate’ button.
6. On the main window, it’ll show you the status of the CSR as "Pending Request".
7. Click on the download button for that CSR.
8. Download and save it to the computer, it’s a .p10 file.
9. Submit this file to the GoDaddy CA and get the certificate signed as Web server ‘Apache’.
10. After getting a signed certificate, you can import the same certificate to the ‘Pending Request’ import button.
11. In presence of Root CA and intermediate CA certificate, the SonicWALL device should show this certificate as ‘Local’, and ‘Validated’.

2. Option 2: Import a pfx format certificate to the SonicWALL device

For this method also you need to first install the Root CA and Intermediate CA certificate from GoDaddy web site.

1. You can generate a CSR from any other web server or a network device and import it in pfx format (including the Private Key associated with that certificate).
2. Go to System > Certificates > Select the "Imported Certificates" button.
3. Click on "Import" button.
4. Supply a name for the certificate (this is just for local identification), the certificate password, and the path the certificate is to be imported from.
5. Hit the ‘Import’ button.
6. In presence of Root CA and intermediate CA certificate, the SonicWALL device should show this certificate as ‘Local’, and ‘Validated’.

Assigning the imported certificate to the SonicWALL web administration:

1. Export the existing settings from System > Settings page (click on the "Export settings" button).
2. Go to System > Administration > Web Management Settings > under Certificate Selection, select the recently imported certificate and hit the Apply/Accept button on the top.
3. Logout from the web administration, close the browser window and login back to check the certificate error.
4. Sometimes you may need to restart the SonicWALL device.
Let me know if you have any questions!
0
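
As an added example (not part of the original answer, and not SonicWALL or GoDaddy tooling): Option 2 above carried out with the OpenSSL CLI, followed by a check of the leaf certificate's signature algorithm against the firmware support stated in the NOTE. The host name, password, file names, function names and the throwaway test CA that stands in for the public CA are all constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed values: host name, password, file names and the
# throwaway "test CA" standing in for the public CA (GoDaddy on this page).
set -eu

# Signature algorithm of a PEM certificate read from stdin.
sig_alg() {
  openssl x509 -noout -text | awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# build_pfx <fqdn> <digest> <dir> <password>
# Key + CSR off-box, CA signature using <digest>, then leaf + key + CA in one PFX.
build_pfx() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$3/device.key" -out "$3/device.csr" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$3/ca.key" -out "$3/ca.crt" 2>/dev/null
  openssl x509 -req -in "$3/device.csr" -CA "$3/ca.crt" -CAkey "$3/ca.key" \
    -CAcreateserial "-$2" -days 1 -out "$3/device.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$3/device.key" -in "$3/device.crt" \
    -certfile "$3/ca.crt" -passout "pass:$4" -out "$3/device.pfx"
}

# pfx_sig_alg <pfx> <password>: signature algorithm of the leaf inside the PFX.
pfx_sig_alg() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null | sig_alg
}

# pfx_has_key <pfx> <password>: succeeds if the PFX carries the private key.
pfx_has_key() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY'
}

# firmware_accepts <pre-5.9|5.9+> <signature algorithm>, per the NOTE above:
# before 5.9.0.0 only MD5 and SHA1; 5.9.0.0 and above SHA1, SHA256, SHA512.
firmware_accepts() {
  case "$1:$2" in
    pre-5.9:md5With*|pre-5.9:sha1With*) return 0 ;;
    5.9+:sha1With*|5.9+:sha256With*|5.9+:sha512With*) return 0 ;;
    *) return 1 ;;
  esac
}

dir=$(mktemp -d)
build_pfx vpn.example.test sha256 "$dir" 'constructed-pass'
alg=$(pfx_sig_alg "$dir/device.pfx" 'constructed-pass')
echo "leaf signature algorithm: $alg"
firmware_accepts 5.9+ "$alg" && echo "matches the 5.9.0.0+ list in the NOTE"
rm -rf "$dir"
```

The digest on the issued certificate is chosen by the signing CA, so run the `pfx_sig_alg` check on the file the CA returns rather than relying on how the CSR was generated.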
 

Author Comment

by:cebu1014
ID: 39713332
Great information. Thank you.
We are using 5.8.xxx version of firmware. To be PCI compliant we need to use SHA-1 not MD5 for the cryptographic hash function.
If updating to 5.9 and above is all that we need to eliminate the MD5 from being used, then I will update and it is an easier step to see if it is a resolution to the problem.
0
 
LVL 25

Expert Comment

by:Blue Street Tech
ID: 39713357
Terrific. Glad I could help and thanks for the points!
0
