Create and sign HTTPS certificates for browser-based user authentication
If HTTPS is enabled for Browser-Based User Authentication, you must have a signed HTTPS certificate.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Right-click a Firewall or Virtual Firewall element, then select Edit <element type>.
- In the navigation pane on the left, browse to .
- If HTTPS is not selected, select HTTPS.
- Click HTTPS Settings.
- Enter the certificate information.
-
Select how you want to sign the certificate:
- Select With External Certificate Authority if you want to create a certificate request for an external certificate authority to sign.
- Select
Internally with to sign the certificate using the Internal CA for Gateways of the
SMC.
If more than one valid internal certificate authority is available, select which internal CA signs the certificate request.
- Click Generate Request.
- (External certificate authorities only) When the certificate request is displayed, click Export and sign the certificate with an external certificate authority.
- Click Import Certificate to import the signed certificate.
- Click OK to close the Certificate Request dialog box.
- Click OK to close the Browser-Based User Authentication dialog box.
Browser-Based User Authentication HTTPS configuration dialog box
Use this dialog box to change the properties of an HTTPS certificate for browser-based user authentication.
Option | Definition |
---|---|
Common Name (CN) | The fully qualified domain name (FQDN) of the authentication page as it appears in the certificate. |
Organization (O)
(Optional) |
The name of your organization as it appears in the certificate. |
Organizational Unit (OU)
(Optional) |
The name of your department or division as it appears in the certificate. |
Country/Region (C)
(Optional) |
Standard two-character country code for the country of your organization. |
State/Province (ST)
(Optional) |
The name of state or province as it appears in the certificate. |
City/Locality (L)
(Optional) |
The name of the city as it appears in the certificate. |
Key Length | Length of the key for the generated public-private key pair.
The default is 2048 bits. |
Sign | |
With External Certificate Authority | Select this option if you want to create a certificate request that another certificate authority signs. |
Internally with | Select this option to sign the certificate using an internal CA. If more than one valid internal CA is available, select the internal CA that signs the certificate request. There can be multiple valid internal CAs in the following cases:
|
Generate Request | Generates the request or the internal certificate details. |
Option | Definition |
---|---|
Certificate Request
(External certificate authority) |
|
Subject Name | The identifier of the certified entity. |
Export | Opens the Export Certificate Request dialog box. |
Import Certificate | Opens the Import Certificate dialog box. |
Delete | Deletes the certificate request. |
Sign Internally | Signs the certificate with the Internal CA. If more than one valid internal CA is available, opens the Sign Certificate Request dialog box. |
Certificate section
(Internal certificate authority) |
Shows the certificate fingerprint using the SHA-512 algorithm. |
Subject Name | The identifier of the certified entity. |
Valid From | Shows start date of certificate validity. |
Valid To | Shows end date of certificate validity. |
Fingerprint (SHA-1) | Shows the certificate fingerprint using the SHA-1 algorithm. |
Fingerprint (MD5) | Shows the certificate fingerprint using the MD5 algorithm. |
Fingerprint (SHA-512) | Shows the certificate fingerprint using the SHA-512 algorithm. |
Export | Opens the Export Certificate dialog box. |
Delete | Deletes the certificate. |
Export Certificate Request dialog box
Use this dialog box to export a certificate request to sign using an external certificate authority (CA)
Option | Definition |
---|---|
Certificate request field | Shows the certificate request as text. You can copy and paste the certificate request into an external application to sign the certificate. The field is not editable. |
Export | Exports the certificate request so that you can sign it using an external certificate authority. Opens the Export Certificate Request dialog box. |
Sign Certificate Request dialog box
Use this dialog box to sign certificate requests for internal VPN gateways.
Option | Definition |
---|---|
Sign With | If more than one valid internal certificate authority is available, allows you to select which internal CA signs the certificate request.
|
Sign | Signs the certificate using the selected CA, then closes the window. |