
Sonicwall HTTPS Certificate

Have received this report upon authorized scanning of host for PCI compliance test. We have Sonicwall firewall NSA2400 with up to date firmware. It is saying we need to update the HTTPS certificate issued by Sonicwall to get the SHA-1 signature algorithm for security hash function. How is this done?
TimotiSt (Datacenter Technician) Commented:
Most network devices come with pre-installed certificates (and fairly useless for actual security).
You can get certificates from SSL vendors (cheap example is godaddy.com), and install them in your device. Make sure to request the certificate for the name you'll actually use (www.something.com, vpn.somethingelse.com, etc.).

Blue Street Tech (Last Knights) Commented:
Hi cebu1014,

Here is a step-by-step on how to setup your SSL Cert on the SonicWALL.

NOTE: SonicOS firmwares until support only MD5 and SHA1 certificates. SonicOS and above support SHA1, SHA256 & SHA512. Your SonicWALL's latest SonicOS release is SonicOS, and I would recommend upgrading to that if you haven't already.

In order for a device certificate to be validated, the CA (Certificate Authority) certificate should be installed on the SonicWALL device. Some third party public CA may have a subordinate CA which issues certificates to the end users. To validate the device certificate the certificate chain needs to be installed, see (Screenshot 1).

Screenshot 1: Certificate Path

Procedure to install the GoDaddy Certificate in SonicWALL device:
The below steps are common for any other Public CA also, not only for GoDaddy.
NOTE: Before assigning the imported certificate to the SonicWALL web administration, take a backup of the current settings using the System > Settings > Export Settings button.

1. Option 1: Generate a CSR (Certificate Signing Request) from the SonicWALL device

Prior to generating a CSR from the SonicWALL device, you need to install the Root CA and intermediate CA certificate from GoDaddy web site.

1. Go to https://certs.godaddy.com/anonymous/repository.seam and download and install the gd-class2-root.crt and gd_intermediate.crt, or gd_bundle.crt, certificates on the SonicWALL device.
2. Generate a CSR from the SonicWALL device. Logon to the SonicWALL device as admin.
3. Go to System > Certificates > Select the "Imported Certificates" button.
4. Click the "New Signing Request" button.
5. A new CSR window will open up, fill in the details and hit the ‘Generate’ button.
6. On the main window, it’ll show you the status of the CSR as "Pending Request".
7. Click on the download button for that CSR.
8. Download and save it to the computer, it’s a .p10 file.
9. Submit this file to the GoDaddy CA and get the certificate signed as Web server ‘Apache’.
10. After getting a signed certificate, you can import the same certificate using the ‘Pending Request’ import button.
11. In the presence of the Root CA and intermediate CA certificates, the SonicWALL device should show this certificate as ‘Local’, and ‘Validated’.

2. Option 2: Import a pfx format certificate to the SonicWALL device

For this method also you need to first install the Root CA and Intermediate CA certificate from GoDaddy web site.

1. You can generate a CSR from any other web server or a network device and import it in pfx format (including the Private Key associated with that certificate).
2. Go to System > Certificates > Select the "Imported Certificates" button.
3. Click on the "Import" button.
4. Supply a name for the certificate (this is just for local identification), the certificate password, and the path the certificate is to be imported from.
5. Hit the ‘Import’ button.
6. In the presence of the Root CA and intermediate CA certificates, the SonicWALL device should show this certificate as ‘Local’, and ‘Validated’.

Assigning the imported certificate to the SonicWALL web administration:

1. Export the existing settings from System > Settings page (click on the "Export settings" button).
2. Go to System > Administration > Web Management Settings > under Certificate Selection, select the recently imported certificate and hit the Apply/Accept button on the top.
3. Log out from the web administration, close the browser window and log back in to check the certificate error.
4. Sometimes you may need to restart the SonicWALL device.

Let me know if you have any questions!

cebu1014 (Author) Commented:
Great information. Thank you.
We are using 5.8.xxx version of firmware. To be PCI compliant we need to use SHA-1 not MD5 for the cryptographic hash function.
If updating to 5.9 and above is all that we need to eliminate the MD5 from being used, then I will update, and it is an easier step to see if it is a resolution to the problem.

Blue Street Tech (Last Knights) Commented:
Terrific. Glad I could help and thanks for the points!