Install Chained SSL Certificates on SonicWALL SSL Offloader

These are the steps to install Chained Certificates on a SonicWall SSL Offloader or Uploader. The terms ‘offloader’ and ‘uploader’ refer to the same process.

All SonicWall SSL Offloaders support Chained Certificates. Chained Certificates allow a root certificate to delegate certificate signing to multiple trusted certificates, creating a chain of trust.

Additional information regarding Chained Certificates can be found here.

What You Will Need

1. Certificate files from SSL.com 

2. A Text Editor 

3. OpenSSL.exe 

4. SonicWall Configuration Manager 

We’d also recommend reading up on SSL/TLS security certificates to get a basic understanding, and to familiarize yourself with the SonicWall Configuration Manager.

High-Level View

1. Unzip the certificates. 

a. Multiple certs will appear: the Root, the Intermediate, and the Server Certificates 

b. These will be entered later into the SonicWall SSL Offloader. 

2. Launch OpenSSL. 

3. Open a text editor. 

4. Copy and paste the text of the certificate information. 

5. Continue with the instruction set from SonicWall. 

6. Validate and test. 

Process Specifics 

OpenSSL: The latest version of OpenSSL is 3.0. Additional information can be found by accessing https://www.openssl.org/source/ 

1. Launch OpenSSL.exe 

2. The OpenSSL application was installed at the same time and location as the SonicWall Configuration Manager. 

3. Another option to access OpenSSL is by choosing Custom Installation. 

Once OpenSSL is launched: 

1. Open the following 

a. Domain.ca-bundle.crt 

b. Domain.crt 

2. Copy and Paste: 

a. Copy and paste the entire text including 

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

The domain.crt certificate is the server certificate.

The domain.ca-bundle.crt is the intermediate certificate.

3. Save these files (C:\server.pem and C:\inter.pem)

a. Additional information regarding pem files is available here: https://www.ssl.com/faqs/how-can-i-getmy-certificates-in-pem-format/ 

4. Verify the certificate information with OpenSSL: 

a. x509 -in C:\server.pem -text

i. (and)

b. x509 -in C:\inter.pem -text
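The `-text` dump in step 4 shows each certificate on its own, but it does not confirm that the two files chain together or that the private key matches. The following is an added example, not part of the original SSL.com or SonicWall instructions, that runs those checks before anything is loaded onto the device. It assumes a POSIX shell with the `openssl` command on the path; `check_chain` and `make_demo` are hypothetical names, key.pem is the private key file loaded in the later keyassoc step, and the demo certificates are constructed.

```shell
#!/bin/sh
# Added example: pre-load checks for server.pem, inter.pem and key.pem.
# File names follow the page; the function names are hypothetical.

# check_chain SERVER INTER KEY -> returns 0 if every check passes, else 1-3.
check_chain() {
  server=$1; inter=$2; key=$3
  # 1. The issuer of server.pem must be the subject of inter.pem.
  iss=$(openssl x509 -in "$server" -noout -nameopt RFC2253 -issuer 2>/dev/null |
    sed 's/^issuer= *//')
  sub=$(openssl x509 -in "$inter" -noout -nameopt RFC2253 -subject 2>/dev/null |
    sed 's/^subject= *//')
  if [ -z "$iss" ] || [ "$iss" != "$sub" ]; then
    echo "issuer of $server is not the subject of $inter"; return 1
  fi
  # 2. The signature on server.pem must verify with inter.pem as trust anchor.
  if ! openssl verify -partial_chain -CAfile "$inter" "$server" >/dev/null 2>&1; then
    echo "$server does not verify against $inter"; return 2
  fi
  # 3. key.pem must be the private key for server.pem (keyassoc loads both).
  cert_pub=$(openssl x509 -in "$server" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "$key is not the private key for $server"; return 3
  fi
  echo "chain ok"
}

# Constructed demo material: a self-signed stand-in for the intermediate,
# a server certificate issued by it, and an unrelated key (other.key).
make_demo() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/inter.key" -out "$d/inter.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/key.pem" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/other.key" 2>/dev/null
}

# Demo run on the constructed files.
demo=$(mktemp -d) && make_demo "$demo" &&
  check_chain "$demo/server.pem" "$demo/inter.pem" "$demo/key.pem"
```

A non-zero return code identifies which check failed: 1 for an issuer/subject mismatch, 2 for a signature that does not verify, 3 for a private key that does not belong to the server certificate.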

Procedure Flow Example 

1. With the proper certificates, start by loading the certificates into certificate objects. 

2. The separate certificate objects are then loaded into a certificate group. 

3. This example demonstrates how to load two certificates into individual certificate objects, create a certificate group, and enable the use of the group as a certificate chain. 

a. The name of the Transaction Security device is myDevice. 

b. The name of the secure logical server is server1. 

c. The name of the PEM-encoded, CA generated certificate is server.pem; the name of the PEM-encoded certificate is inter.pem. 

d. The names of the recognized and local certificate objects are trustedCert and myCert, respectively. 

e. The name of the certificate group is CACertGroup. 

f. Start the configuration manager as described in the manual. 

4. Attach the configuration manager and enter Configuration mode. (If an attach or configuration level password is assigned to the device, you are prompted to enter any passwords.) 

a. inxcfg> attach myDevice 

b. inxcfg> configure myDevice 

c. (config[myDevice])> 

5. Enter SSL Configuration mode and create an intermediary certificate named CACert, entering into Certificate Configuration mode. 

6. Load the PEM-encoded file into the certificate object and return to SSL Configuration mode. 

a. (config[myDevice])> ssl 

b. (config-ssl[myDevice])> cert CACert create

c. (config-ssl-cert[CACert])> pem inter.pem

d. (config-ssl-cert[CACert])> end

e. (config-ssl[myDevice])>

7. Enter Key Association Configuration mode, load the PEM-encoded CA certificate and private key files, and return to SSL Configuration mode.

a. (config-ssl[myDevice])> keyassoc localKeyAssoc create

b. (config-ssl-keyassoc[localKeyAssoc])> pem server.pem key.pem

c. (config-ssl-keyassoc[localKeyAssoc])> end

d. (config-ssl[myDevice])>

8. Enter Certificate Group Configuration mode, create the certificate group CACertGroup, load the certificate object CACert, and return to SSL Configuration mode.

a. (config-ssl[myDevice])> certgroup CACertGroup create

b. (config-ssl-certgroup[CACertGroup])> cert CACert

c. (config-ssl-certgroup[CACertGroup])> end 

d. (config-ssl[myDevice])> 

9. Enter Server Configuration mode, create the logical secure server server1, assign an IP address, SSL and clear text ports, a security policy myPol, the certificate group CACertGroup, key association localKeyAssoc, and exit to Top Level mode.

a. (config-ssl[myDevice])> server server1 create

b. (config-ssl-server[server1])> ip address 10.1.2.4 netmask 255.255.0.0

c. (config-ssl-server[server1])> sslport 443

d. (config-ssl-server[server1])> remoteport 81

e. (config-ssl-server[server1])> secpolicy myPol

f. (config-ssl-server[server1])> certgroup chain CACertGroup

g. (config-ssl-server[server1])> keyassoc localKeyAssoc

h. (config-ssl-server[server1])> end

i. (config-ssl[myDevice])> end

j. (config[myDevice])> end

k. inxcfg>

10. Save the configuration to flash memory. If it is not saved, the configuration is lost during a power cycle or if the reload command is used. 

a. inxcfg> write flash myDevice 

b. inxcfg>

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.
