Specifications
Manage Users, Authentication, and VPN Certificates
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Manage VPN Self-Signed Certificates
Instead of obtaining a digital certificate from a CA, you can generate and sign your own digital
certificate. However, a self-signed digital certificate triggers a warning from most browsers
because it gives the browser no way to verify the identity of the server, and therefore provides
no protection against identity theft of the server. (The following figure shows an image of a
browser security alert.)
There can be three reasons why a security alert is generated for a security certificate:
• The security certificate was issued by a company you have not chosen to trust.
• The date of the security certificate is invalid.
• The name on the security certificate is invalid or does not match the name of the site.
When a security alert is generated, the user can decide whether to trust the host.
Figure 213.
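The three alert reasons listed above can be expressed as three checks on the decoded certificate fields. The following is an added example, not part of the original manual or the VPN firewall software. The function names, the sample certificate, and the host name vpn.example.com are constructed for illustration, and the issuer-name lookup is a simplification that stands in for the signature-chain validation a real browser performs.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape used by ssl.SSLSocket.getpeercert():
# a self-signed certificate, so issuer and subject are identical.
DN = ((("organizationName", "Example Corp"),), (("commonName", "vpn.example.com"),))
SAMPLE = {
    "subject": DN,
    "issuer": DN,
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Jan  1 00:00:00 2021 GMT",
    "subjectAltName": (("DNS", "vpn.example.com"),),
}

def cert_names(cert):
    """DNS names from subjectAltName, falling back to the subject commonName."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def host_matches(pattern, host):
    """Exact match, or one left-most '*' label such as *.example.com."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    wildcard = p[0] == "*" and len(p) > 2
    return (wildcard or p[0] == h[0]) and p[1:] == h[1:]

def alert_reasons(cert, host, trusted_issuers, now=None):
    """Return which of the three alert reasons apply to this certificate."""
    now = now if now is not None else datetime.now(timezone.utc).timestamp()
    reasons = []
    # Reason 1: issuer is not one the user has chosen to trust.
    # Assumption: a name lookup stands in for real chain validation.
    if cert["issuer"] not in trusted_issuers:
        reasons.append("untrusted issuer")
    # Reason 2: current time is outside the validity period.
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        reasons.append("invalid date")
    # Reason 3: the name in the certificate does not match the site.
    if not any(host_matches(n, host) for n in cert_names(cert)):
        reasons.append("name mismatch")
    return reasons
```

Connecting to the device by IP address instead of the name in the certificate produces the name-mismatch reason even when the certificate is otherwise trusted and within its validity period.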
Generate a CSR and Obtain a Self-Signed Certificate from a CA
To use a self-signed certificate, you first need to request the digital certificate from a CA, and
then download and activate the digital certificate on the VPN firewall. To request a self-signed
certificate from a CA, you need to generate a certificate signing request (CSR) for and on the
VPN firewall. The CSR is a file that contains information about your company and about the
device that holds the certificate. Refer to the CA for guidelines about the information that you
need to include in your CSR.
To generate a new CSR file, obtain a digital certificate from a CA, and upload it to the
VPN firewall:
1. Select VPN > Certificates. The Certificates screen displays. The following figure shows
the middle section of the screen with the Active Self Certificates section, Generate Self
Certificate Request section, and Self Certificate Requests section. (The Self Certificate
Requests table contains an example certificate.)