The certificate store allows administrators to manage certificates and certificate chains on the Control Center and stand-alone firewalls. The certificate store is available on stand-alone firewalls, and on the global, range, and cluster level on the Control Center for managed firewalls. Managed firewalls do not have their own certificate store and can only use certificates in the Control Center certificate stores. For information on how to view and manage certificate details, see Certificate Store Page.
The certificate store can be used by the following services:
- CloudGen Firewall TLS Inspection. For more information, see TLS Inspection in the Firewall.
- TLS/SSL Inspection for email traffic. For more information, see Mail Security in the Firewall.
- CloudGen Firewall Access Control service. For more information, see Access Control Service.
- Client-to-site, site-to-site, and SSL VPN. For more information, see VPN.
Create a Certificate
- Go to the certificate store:
  - Stand-alone Firewall – CONFIGURATION > Configuration Tree > Box > Advanced Configuration > Certificate Store.
  - Control Center Global – CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Certificate Store.
  - Control Center Range – CONFIGURATION > Configuration Tree > Multi-Range > your range > Range Properties > Certificate Store.
  - Control Center Cluster – CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > Cluster Properties > Certificate Store.
- Click Lock.
- Right-click in the table, or click the certificate sign at the top right of the window.
- Select Create Self Signed Certificate. The Create Self Signed Certificate window opens.
- Enter a Name for the certificate.
- Click Create to create a key, or choose an option to import the key:
  - from Clipboard
  - from File
- In the Certificate section, click Edit.
- Click OK.
The certificate is now added to the certificate store and can be used for configuration.
Import a Certificate
- Go to the certificate store.
- Click Lock.
- Right-click in the table, or click the plus sign at the top right of the window.
- Select Import new Certificate Store Entry.
- Choose an option to import the certificate:
  - from Clipboard
  - from File
- Select the certificate to import, and click Open.
- Import the certificate.
The certificate is now added to the certificate store and can be used for configuration.
Add Key to Certificate
If a certificate has no public key assigned, you can assign a key in the certificate store.
- Right-click the certificate you want to add the key to.
- Select Assign Key to Certificate Store Entry from the context drop-down menu.
- Import the key from Clipboard or from File.
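Before assigning a key to an entry, you can confirm on an admin workstation that the key file belongs to the certificate. The following is an added example, not part of the product documentation: it assumes unencrypted PEM files and the openssl command-line tool, and the function names, file names, and sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a key file belongs to a certificate before
# assigning it in the certificate store. Assumes unencrypted PEM files.

# key_matches_cert CERT_PEM KEY_PEM
# Returns 0 = same public key, 1 = different key, 2 = a file could not be parsed.
key_matches_cert() {
    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the key file.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_sample DIR NAME
# Constructed test material: a throwaway RSA key and a self-signed certificate.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Demonstration: a certificate checked against its own key and a foreign key.
demo() {
    dir=$(mktemp -d) || return 2
    make_sample "$dir" fw-a && make_sample "$dir" fw-b || { rm -rf "$dir"; return 2; }
    key_matches_cert "$dir/fw-a.crt" "$dir/fw-a.key"; own=$?
    key_matches_cert "$dir/fw-a.crt" "$dir/fw-b.key"; other=$?
    rm -rf "$dir"
    echo "own key: $own, other key: $other"
}
demo
```

A result of 1 means the key file does not belong to the certificate and should not be assigned to that entry.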
Export a Certificate
- Go to the certificate store.
- Click Lock.
- Right-click the certificate you want to export.
- Select Export.
- Select your desired export option from the context drop-down menu.
- Choose to Clipboard or to File.
- When selecting to File, enter a name for the certificate and save it to a chosen location.
Edit a Comment on a Certificate
In some cases, you might want to add extra information to a certificate entry. To do so, use the Comment field.
- Select the Comment field for the certificate you want to add the comment to.
- Click the pen icon in the top right corner of the field, or right-click the certificate and select Edit Comment.
- Enter your comment.
Delete a Certificate
- Right-click the certificate you want to delete.
- Select Delete Certificate Store Entry from the context drop-down menu.
You can also delete a certificate by selecting it and clicking the red cross sign (x) at the top right of the window.
Enable the Certificate Store on a Control Center
- Go to the Range Properties or Cluster Properties page.
  - Control Center Range – CONFIGURATION > Configuration Tree > Multi-Range > your range > Range Properties.
  - Control Center Cluster – CONFIGURATION > Configuration Tree > Multi-Range > your range > your cluster > Cluster Properties.
- Click Lock.
- Set Own certificate store Settings to Yes.
- Click Send Changes and Activate.
The certificate store is now added to the range or cluster.