Create and sign HTTPS certificates for browser-based user authentication

If HTTPS is enabled for Browser-Based User Authentication, you must have a signed HTTPS certificate.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click a Firewall or Virtual Firewall element, then select Edit <element type>.
  2. In the navigation pane on the left, browse to Add-Ons > User Authentication.
  3. If HTTPS is not selected, select HTTPS.
  4. Click HTTPS Settings.
  5. Enter the certificate information.
  6. Select how you want to sign the certificate:
    • Select With External Certificate Authority if you want to create a certificate request for an external certificate authority to sign.
    • Select Internally with to sign the certificate using the Internal CA for Gateways of the SMC.

      If more than one valid internal certificate authority is available, select which internal CA signs the certificate request.

  7. Click Generate Request.
  8. (External certificate authorities only) When the certificate request is displayed, click Export and sign the certificate with an external certificate authority.
  9. Click Import Certificate to import the signed certificate.
  10. Click OK to close the Certificate Request dialog box.
  11. Click OK to close the Browser-Based User Authentication dialog box.
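
Step 8 hands the exported request to an external CA. The script below is an added example, not part of the product documentation: it uses the openssl CLI to check a request before signing and to check the signed certificate before import. The throwaway CA, the CN auth.example.com, the organization name and all file names are constructed, and the sample request stands in for the one exported from the dialog.

```bash
#!/bin/sh
# Added example. The CA, CN, organization and file names are constructed.
set -eu
WORK=$(mktemp -d)

# Stand-in for the external CA, which in practice already exists outside the SMC.
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example External CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Stand-in for the request exported in step 8 (2048-bit key, the dialog's default).
make_sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/C=US/O=Example Org/CN=auth.example.com" \
    -keyout "$WORK/fw.key" -out "$WORK/fw.csr" 2>/dev/null
}

# Check the request's self-signature, then print its CN and key length.
inspect_csr() {
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  openssl req -in "$1" -noout -subject -nameopt multiline |
    awk -F'= ' '/commonName/ {print $2}'
  openssl req -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Sign as the external CA would. Adding the FQDN as a subjectAltName is an
# assumption about the CA's issuing policy; browsers match the SAN, not the CN.
sign_csr() {
  printf 'subjectAltName=DNS:%s\n' "$2" > "$WORK/ext.cnf"
  openssl x509 -req -in "$1" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$WORK/ext.cnf" \
    -out "$WORK/fw.crt" 2>/dev/null
}

# Confirm the certificate chains to the CA, then print its SHA-512 fingerprint.
verify_and_fingerprint() {
  openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -noout -fingerprint -sha512 | cut -d= -f2
}

main() {
  make_test_ca
  make_sample_csr
  inspect_csr "$WORK/fw.csr"
  sign_csr "$WORK/fw.csr" auth.example.com
  verify_and_fingerprint "$WORK/fw.crt"
}
main
```

With a real external CA, only inspect_csr and verify_and_fingerprint apply: run the first on the exported request and the second on the certificate the CA returns, before Import Certificate.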

Browser-Based User Authentication HTTPS configuration dialog box

Use this dialog box to change the properties of an HTTPS certificate for browser-based user authentication.

Option | Definition
Common Name (CN) | The fully qualified domain name (FQDN) of the authentication page as it appears in the certificate.
Organization (O) (Optional) | The name of your organization as it appears in the certificate.
Organizational Unit (OU) (Optional) | The name of your department or division as it appears in the certificate.
Country/Region (C) (Optional) | Standard two-character country code for the country of your organization.
State/Province (ST) (Optional) | The name of the state or province as it appears in the certificate.
City/Locality (L) (Optional) | The name of the city as it appears in the certificate.
Key Length | Length of the key for the generated public-private key pair. The default is 2048 bits.
Sign
With External Certificate Authority | Select this option if you want to create a certificate request that another certificate authority signs.
Internally with | Select this option to sign the certificate using an internal CA. If more than one valid internal CA is available, select the internal CA that signs the certificate request. There can be multiple valid internal CAs in the following cases:
  • There is both an Internal RSA CA for Gateways and an Internal ECDSA CA for Gateways.
  • The Internal CA for Gateways is in the process of being renewed and both the previous CA and the new CA are temporarily available.
Generate Request | Generates the request or the internal certificate details.

Option | Definition
Certificate Request (External certificate authority)
Subject Name | The identifier of the certified entity.
Export | Opens the Export Certificate Request dialog box.
Import Certificate | Opens the Import Certificate dialog box.
Delete | Deletes the certificate request.
Sign Internally | Signs the certificate with the Internal CA. If more than one valid internal CA is available, opens the Sign Certificate Request dialog box.
Certificate section (Internal certificate authority)
Subject Name | The identifier of the certified entity.
Valid From | Shows the start date of certificate validity.
Valid To | Shows the end date of certificate validity.
Fingerprint (SHA-1) | Shows the certificate fingerprint using the SHA-1 algorithm.
Fingerprint (MD5) | Shows the certificate fingerprint using the MD5 algorithm.
Fingerprint (SHA-512) | Shows the certificate fingerprint using the SHA-512 algorithm.
Export | Opens the Export Certificate dialog box.
Delete | Deletes the certificate.

Export Certificate Request dialog box

Use this dialog box to export a certificate request to sign using an external certificate authority (CA).

Option | Definition
Certificate request field | Shows the certificate request as text. You can copy and paste the certificate request into an external application to sign the certificate. The field is not editable.
Export | Exports the certificate request so that you can sign it using an external certificate authority. Opens the Export Certificate Request dialog box.

Sign Certificate Request dialog box

Use this dialog box to sign certificate requests for internal VPN gateways.

Option | Definition
Sign With | If more than one valid internal certificate authority is available, allows you to select which internal CA signs the certificate request.
  • <default internal CA> — The default internal CA element signs the certificate.
  • Select — Allows you to select a CA element. Opens the Select dialog.
Sign | Signs the certificate using the selected CA, then closes the window.