Print topic

Import a Certificate on a Client Device

When you configure your Firebox or XTM device to use a custom or third-party certificate for authentication or HTTPS content inspection, you must import that certificate on each client in your network to prevent security warnings. This also allows services like Windows Update to operate correctly.

If you normally use Fireware XTM Web UI, you must install Firebox System Manager before you can export certificates.

Import a PEM Format Certificate with Windows XP

This process allows Internet Explorer, Windows Update, and other programs or services that use the Windows certificate store on Microsoft Windows XP to get access to the certificate.

  1. In the Windows Start menu, select Run.
  2. Type mmc and click OK.

    A Windows Management Console appears.
  3. Select File > Add/Remove Snap-In.
  4. Click Add.
  5. Select Certificates, then click Add.
  6. Select Computer account and click Next.
  7. Click Finish, Close, and OK to add the certificates module.
  8. In the Console Root window, expand the Certificates tree.
  9. Expand the Trusted Root Certification Authorities object.
  10. Under the Trusted Root Certification Authorities object, right-click Certificates and select All Tasks > Import.
  11. Click Next.
  12. Click Browse to find and select the HTTPS Proxy Authority CA certificate you previously exported. Click OK.
  13. Click Next, then click Finish to complete the wizard.

Import a PEM format certificate with Windows Vista

This process allows Internet Explorer, Windows Update, and other programs or services that use the Windows certificate store on Microsoft Windows Vista to get access to the certificate.

  1. On the Windows Start menu, type certmgr.msc in the Search text box and press Enter.
    If you are prompted to authenticate as an administrator, type your password or confirm your access.
  2. Select the Trusted Root Certification Authorities object.
  3. From the Action menu, select All Tasks > Import.
  4. Click Next. Click Browse to find and select the HTTPS Proxy Authority CA certificate you previously exported. Click OK.
  5. Click Next, then click Finish to complete the wizard.

Import a PEM Format Certificate with Mozilla Firefox 3.x

Mozilla Firefox uses a private certificate store instead of the operating system certificate store. If clients on your network use the Firefox browser, you must import the certificate into the Firefox certificate store even if you have already imported the certificate on the host operating system.

When you have more than one Firebox or XTM device that uses a self-signed certificate for HTTPS content inspection, clients on your network must import a copy of each Firebox or XTM device certificate. However, the default self-signed Firebox or XTM device certificates use the same name, and Mozilla Firefox only recognizes the first certificate you import when more than one certificate has the same name. We recommend that you replace the default self-signed certificates with a certificate signed by a different CA, and then distribute those CA certificates to each client.

  1. In Firefox, select Tools > Options.

    The Options dialog box appears.
  2. Click the Advanced icon.
  3. Select the Encryption tab, then click View Certificates.

    The Certificate Manager dialog box appears.
  4. Select the Authorities tab, then click Import.
  5. Browse to select the certificate file, then click Open.
  6. In the Downloading Certificate dialog box, select the Trust this CA to identify web sites check box. Click OK.
  7. Click OK twice to close the Certificate Manager and Options dialog boxes.
  8. Restart Firefox.

Import a PEM Format Certificate with Mac OS X 10.5

This process allows Safari and other programs or services that use the Mac OS X certificate store to get access to the certificate.

  1. Open the Keychain Access application.
  2. Select the Certificates category.
  3. Click the plus icon (+) button on the lower toolbar, then find and select the certificate.
  4. Select the System keychain, then click Open. You can also select the System keychain, then drag and drop the certificate file into the list.
  5. Right-click the certificate and select Get Info.

    A certificate information window appears.
  6. Expand the Trust category.
  7. In the When using this certificate drop-down list, select Always Trust.
  8. Close the certificate information window.
  9. Type your administrator password to confirm your changes.

See Also

See and Manage Firebox or XTM Device Certificates

Give us feedback  •   Get Support  •   All product documentation  •   Knowledge Base

© 2010 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Firebox, Core, and Fireware are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.