How To Find Certificate Authority In Domain

How can I obtain a Certificate from a Windows Certificate Authority (CA)?

10/fourteen/2021 789 People constitute this article helpful 173,652 Views

Description

This article describes how to obtain a document from an internal CA for the purpose of SonicWall Web Management.

Deployment Prerequisites

Microsoft Windows Active Directory Services installed and configured.
Microsoft Certificate Services installed and configured.
Microsoft Internet Information Services (IIS) seven.0 installed and configure.

Deployment Steps

Exporting the CA Certificate from the Active Directory Server.
Importing the CA Certificate onto the SonicWall.
Creating a New Signing Request in SonicWall Apparatus.
Requesting document for the new signing Request by the MS Certificate Authority.
Validating the Document on the SonicWall Appliance.
How to Test

Resolution

Exporting the Root CA Certificate from the Active Directory (Advertising) Server

In the AD server, launch the Certificate Authorisation application past Start |Run|certsrv.msc.
Right click the CA you lot created and select Properties.
On the General tab, clickView Certificate button.
On the Details tab, select Copy to File.
Follow through the wizard, and select the DER Encoded binary Ten.509 (.cer) format.
Click browse and specify a path and filename to save the certificate.
ClickNext button and clickTerminate.

Importing the CA Certificate onto the SonicWall

Click Manage in the top navigation menu.
Navigate to Appliance | Certificates.
ClickImport. Select the certificate file you lot simply exported.
Select Import a CA certificate from a PKCS#vii (.p7b), PEM (.pem) or DER (.der or .cer) encoded file,
ClickBrowse and Select the certificate file you lot simply exported from the MS Certificate Authorization.
Once the root certificate is selected, Clickimport push button.
Once the CA root certificate is imported, it volition be listed nether the Apparatus | Certificates page with blazon as CA Certificate.
TIP: This page tin be filtered to easily locate this document by irresolute the View Way to Imported certificates and requests.

Creating a Document Signing Request (CSR) in SonicWall Appliance

Navigate toAppliance | Certificates page and clickNew Signing Request.
Make full out the CSR form in SonicWall device and clickGenerate. For the most role, you can leave the drop-down boxes to their defaults and fill out each field as suggested past its corresponding drop-downwardly box.
The Appliance | Certificates page will refresh and your new certificate will appear with a type ofPending Request.

Annotation: You may demand to refresh the page for this status to appear.
ClickExport button. In the new Pop-up window, click Export and salve the file locally on your device for later import to the Windows Server.

Requesting a certificate for the CSR from the MS Certificate Potency

TIP: If the MS CA server is running IIS (and the admin has allowed admission to this interface), the easiest way to submit the firewall s CSR is via spider web browser.

Open a browser and enter http://x.10.x.x/certsrv/ (replace ten.x.x.x with the IP address of your MS CA server). You will exist presented with the certificate services interface (see below).
Select the task Request a Document.
Clickadvanced certificate request.
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base of operations-64-encoded PKCS #7 file.
Copy and paste the contents of the CSR in the Saved Request box.
Select Web Server under Document Template.
Select DER encoded and clickDownload Certificate. Relieve the file to your local system using whatever name you wish this file will exist imported into SonicWall appliance.

Validating the Certificate on the SonicWall Appliance

Navigate toSystem|Certificates page.
ClickUpload Signed certificate for the certificate that has type Pending request.
Browse for the downloaded file from the CA and clickUpload.
Once the certificate has been uploaded, the certificate will show type every bit Local Certificate and Validated equally YES.

How to Exam

Now that a signed certificate has been imported into the SonicWall, it can exist used for HTTPS management of SonicWall interfaces likewise every bit for SSL-VPN. To set the imported certificate as the direction certificate, perform the following steps

Navigate toAppliance | Base Settings.
Nether the Spider web Management Settings section, select the imported certificate nether Certificate Selection.
ClickAccept to save the changes.
When logging into the SonicWall after importing the signed certificate yous may receive the following browser errors:

Caution: "The security certificate was issued past a company you lot accept not chosen to trust. View the certificate to determine whether you desire to trust the certifying authority".
You get this error because the issuing CA certificate is non in the document shop of the browser. To resolve information technology, install the certificate in the certificate store of the browser.

CAUTION: "The name on the security certificate is invalid or does not match the proper name of the site".
You get this fault because you are accessing the site using a different name from the certificate Common Name (CN) you lot entered when creating the Certificate Signing Request (CSR). In the higher up example the SonicWall is being accessed using an IP accost although the CN in the document is SonicWall.local (see higher up) : You lot take two options to overcome this error: