Configure the Firebox Web Server Certificate

Applies To: Locally-managed Fireboxes

When users connect to your Firebox with a web browser, they often see a security warning. This warning occurs because the default certificate is not trusted, or because the certificate does not match the IP address or domain name used for authentication. You can use a third-party or self-signed certificate that matches the IP address or domain name for user authentication. You must import that certificate on each client browser or device to prevent the security warnings.

If you use a certificate for authentication, it is important to track when the certificates expire. This helps to avoid disruptions in critical services such as VPN.

For more information about how to import and install a third-party Web Server certificate, go to Import and Install a Third-Party Web Server Certificate.

For information about how to configure a web server certificate for authentication of a cloud-managed Firebox, go to Configure the Web Server Certificate for Firebox Authentication in WatchGuard Cloud.

  1. In Fireware v12.2.1 or higher, select System > Certificates, and then select the Firebox Web Server Certificate tab.

In Fireware v12.2 or lower, select Authentication > Web Server Certificate.

Screen shot of the Firebox Web Server Certificate page

  1. To use the default certificate, select Default certificate signed by Firebox and proceed to the last step in this procedure.
  2. To use a certificate you have previously imported, select Third party certificates.
  3. Select a certificate from the Third party certificates drop-down list and proceed to the last step in this procedure.
    This certificate must be recognized as a web certificate.
  4. To create a custom certificate signed by your Firebox, select Custom certificate signed by Firebox.
  5. Type the Common Name for your organization. This is usually your domain name.
  6. (Optional) You can also type an Organization Name and an Organization Unit Name to identify the part of your organization that created the certificate.
  7. To create additional subject names, or interface IP addresses for IP address on which the certificate is intended for use, in the Domain Names text box, type the domain name and click Add.
    The domain name appears in the Domain Names list.
  8. Repeat Step 8 to add more domain names.
  9. Click Save.
  1. In Fireware v12.2.1 or higher, select Setup > Certificates, and then select the Firebox Web Server Certificate tab.

In Fireware v12.2 or lower, select Setup > Authentication > Web Server Certificate.

Screenshot of Web Server Certificate page

  1. To use the default certificate, select Default certificate signed by Firebox and proceed to the last step in this procedure.
  2. To use a certificate you have previously imported, select Third party certificate.
  3. Select a certificate from the Third party certificate drop-down list and proceed to the last step in this procedure.
    This certificate must be recognized as a Web certificate.
  4. To create a custom certificate signed by your Firebox, select Custom certificate signed by Firebox.
  5. Type the Common Name for your organization. This is usually your domain name.
  6. (Optional) You can also type an Organization Name and an Organization Unit Name to identify the part of your organization that created the certificate.
  7. Click Add Domain Names or Add Interface IP Addresses.

Screenshot of the Add Domain Names dialog box

Screenshot of the Add Interface IP Addresses dialog box

  1. In the text box at the lower part of the dialog box, type a domain name or IP address of an interface on your Firebox.
  2. Click Add.
  3. Repeat Steps 8–9 to add more domain names.
  4. Click OK.

To view the current web server certificate:

  1. Open Firebox System Manager.
  2. Select View > Certificates. The web server certificate is marked with an asterisk.

Related Topics

About Certificates

Manage Device Certificates (WSM)

About User Authentication

Configure the Web Server Certificate for Firebox Authentication in WatchGuard Cloud