Solved

Sonicwall HTTPS Certificate

Posted on 2013-12-11
Last Modified: 2013-12-11
Have received this report upon authorized scanning of host for PCI compliance test. We have Sonicwall firewall NSA2400 with up to date firmware. It is saying we need to update the HTTPS certificate issued by Sonicwall to get the SHA-1 signature algorithm for security hash function. How is this done?
0
Question by:cebu1014
 
LVL 17

Expert Comment

by:TimotiSt
Most network devices come with pre-installed certificates (and fairly useless for actual security).
You can get certificates from SSL vendors (cheap example is godaddy.com), and install it in your device. Make sure to request the certificate for the name you'll actually use (www.something.com, vpn.somethingelse.com, etc.).

Tamas
0
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
Hi cebu1014,

Here is a step-by-step on how to setup your SSL Cert on the SonicWALL.

NOTE: SonicOS firmwares until 5.9.0.0 support only MD5 and SHA1 certificates. SonicOS 5.9.0.0 and above support SHA1, SHA256 & SHA512. Your SonicWALL's latest SonicOS release is SonicOS 5.9.0.2.107o, and I would recommend upgrading to that if you haven't already.

In order for a device certificate to be validated, the CA (Certificate Authority) certificate should be installed on the SonicWALL device. Some third party public CA may have a subordinate CA which issues certificates to the end users. To validate the device certificate the certificate chain needs to be installed, see (Screenshot 1).

[Screenshot 1: Certificate Path]

Procedure to install the GoDaddy Certificate in SonicWALL device:
The below steps are common for any other Public CA also, not only for GoDaddy.
 
NOTE: Before assigning the imported certificate to the SonicWALL web administration, back up the current settings using the System > Settings > Export Settings button.

1. Option 1: Generate a CSR (Certificate Signing Request) from the SonicWALL device

Prior to generating a CSR from the SonicWALL device, you need to install the Root CA and intermediate CA certificate from GoDaddy web site.

1. Access https://certs.godaddy.com/anonymous/repository.seam and download/install the gd-class2-root.crt & gd_intermediate.crt or gd_bundle.crt certificates to the SonicWALL device.
2. Generate a CSR from the SonicWALL device. Logon to the SonicWALL device as admin.
3. Go to System > Certificates > Select the "Imported Certificates" button.
4. Click on the "New Signing Request" button.
5. A new CSR window will open up, fill in the details and hit the ‘Generate’ button.
6. On the main window, it’ll show you the status of the CSR as "Pending Request".
7. Click on the download button for that CSR.
8. Download and save it to the computer, it’s a .p10 file.
9. Submit this file to the GoDaddy CA and get the certificate signed as Web server ‘Apache’.
10. After getting a signed certificate, you can import the same certificate to the ‘Pending Request’ import button.
11. In presence of Root CA and intermediate CA certificate, the SonicWALL device should show this certificate as ‘Local’, and ‘Validated’.

2. Option 2: Import a pfx format certificate to the SonicWALL device

For this method also you need to first install the Root CA and Intermediate CA certificate from GoDaddy web site.

1. You can generate a CSR from any other web server or a network device and import it in pfx format (including the Private Key associated with that certificate).
2. Go to System > Certificates > Select the "Imported Certificates" button.
3. Click on "Import" button.
4. Supply a name to the certificate (this is just for local identification), certificate password, and the path where the certificate to be imported from.
5. Hit the ‘Import’ button.
6. In presence of Root CA and intermediate CA certificate, the SonicWALL device should show this certificate as ‘Local’, and ‘Validated’.

Assigning the imported certificate to the SonicWALL web administration:

1. Export the existing settings from System > Settings page (click on the "Export settings" button).
2. Go to System > Administration > Web Management Settings > under Certificate Selection, select the recently imported certificate and hit the Apply/Accept button on the top.
3. Logout from the web administration, close the browser window and login back to check the certificate error.
4. Sometimes you may need to restart the SonicWALL device.

Let me know if you have any questions!
0
 

Author Comment

by:cebu1014
Great information. Thank you.
We are using 5.8.xxx version of firmware. To be PCI compliant we need to use SHA-1 not MD5 for the cryptographic hash function.
If updating to 5.9 and above is all that we need to eliminate MD5 from being used, then I will update, and it is an easier step to see if it is a resolution to the problem.
0
 
LVL 24

Expert Comment

by:diverseit
Terrific. Glad I could help and thanks for the points!
0
