Create and sign HTTPS certificates for browser-based user authentication
If HTTPS is enabled for Browser-Based User Authentication, you must have a signed HTTPS certificate.
For more details about the product and how to configure features, click Help or
press F1.
Steps
- Right-click an NGFW Engine, then select Edit <element type>.
- Browse to .
- If HTTPS is not selected, select HTTPS.
- Click HTTPS Settings.
- Enter the certificate information.
-
Select how you want to sign the certificate:
- Select With External Certificate Authority if you want to create a certificate request for an external certificate authority to sign.
- Select
Internally with to sign the certificate using the Internal CA for Gateways of the
SMC.
If more than one valid internal certificate authority is available, select which internal CA signs the certificate request.
- Click Generate Request.
- (External certificate authorities only) When the certificate request is displayed, click Export and sign the certificate with an external certificate authority.
- Click Import Certificate to import the signed certificate.
- Click OK to close the Certificate Request dialog box.
- Click OK to close the Browser-Based User Authentication dialog box.
Browser-Based User Authentication HTTPS Configuration dialog box
Use this dialog box to change the properties of an HTTPS certificate for browser-based user authentication.
| Option | Definition |
|---|---|
| Organization (O) (Optional) |
The name of your organization as it appears in the certificate. |
| Organization Unit (OU)
(Optional) |
The name of your department or division as it appears in the certificate. |
| State/Province (ST)
(Optional) |
The name of state or province as it appears in the certificate. |
| Locality (L)
(Optional) |
The name of the city as it appears in the certificate. |
| Common Name (CN) | The value for the Common Name field in the certificate request. For server certificates, the value is typically the fully qualified domain name (FQDN). |
| Key Length | The length of the key in bits. |
| Sign | |
| With External Certificate Authority | Select this option if you want to create a certificate request that another certificate authority signs. |
| Internally with | Select this option to sign the certificate using an internal CA. If more than one valid internal CA is available, select the internal CA that signs the
certificate request. There can be multiple valid internal CAs in the following cases:
|
| Generate Request | Generates the request. The certificate request is shown in the same dialog box. |
| Option | Definition |
|---|---|
| Certificate Request — if signing with an external certificate authority | |
| Subject Name | The identifier of the certified entity. |
| Export | Opens the Export Certificate Request dialog box. |
| Import Certificate | Opens the Import Certificate dialog box. |
| Delete | Deletes the certificate request. |
| Sign Internally | Signs the certificate with the Internal CA. If more than one valid internal CA is available, opens the Sign Certificate Request dialog box. |
| Option | Definition |
|---|---|
| Certificate Request — if signing with an internal certificate authority | |
| Subject Name | The identifier of the certified entity. |
| Public Key Algorithm | The algorithm used for the public key. |
| Key Length | The length of the key in bits. |
| Serial Number | The sequence number of the certificate. The number is issued by the CA. |
| Signature Algorithm | The signature algorithm that was used to sign the certificate. |
| Signed By | The CA that signed the certificate. |
| SubjectAltName | The subject alternative name fields of the certificate. |
| Valid From | The start date of certificate validity. |
| Valid To | The end date of certificate validity. |
| Fingerprint (SHA-1) | The certificate fingerprint using the SHA-1 algorithm. |
| Fingerprint (SHA-256) | The certificate fingerprint using the SHA-256 algorithm. |
| Fingerprint (SHA-512) | The certificate fingerprint using the SHA-512 algorithm. |
| Export | Opens the Export Certificate dialog box. |
| Delete | Deletes the certificate request. |
Export Certificate Request dialog box
Use this dialog box to export a certificate request to sign using an external certificate authority.
| Option | Definition |
|---|---|
| Certificate request field | Shows the certificate request as text. You can copy and paste the certificate request into an external application to sign the certificate. |
| Export | Exports the certificate request so that you can sign it using an external certificate authority. Opens the Export Certificate Request dialog box. |
Sign Certificate Request dialog box
Use this dialog box to sign certificate requests for internal VPN gateways.
| Option | Definition |
|---|---|
| Sign With | If more than one valid internal certificate authority is available, allows you to select which internal CA signs the certificate request.
|
| Sign | Signs the certificate using the selected CA, then closes the window. |