Your Firebox can use certificates for several purposes:
- Firebox management session data is secured with a certificate.
- Branch Office VPN, Mobile VPN with IKEv2, Mobile VPN with IPSec, and Mobile VPN with L2TP tunnels can use certificates for authentication.
- When content inspection is enabled for HTTPS traffic or SMTP, POP3, or IMAP over TLS, these proxies use a certificate to re-encrypt incoming traffic after it is decrypted for inspection.
- You can use a certificate with an inbound HTTPS proxy to protect a web server on your network.
- When a user authenticates with the Firebox for any purpose, such as a WebBlocker override, the connection is secured with a certificate.
- When RADIUS or Firebox authentication is configured to use WPA Enterprise or WPA2 Enterprise authentication methods, the Firebox uses a certificate.

If you use certificates for authentication, it is important to track when they expire. This helps to avoid disruptions in critical services such as VPN.

For more information, see:
- Manage Device Certificates (Web UI)
- Manage Device Certificates (WSM)
- Create a Certificate CSR
- Create a CSR with OpenSSL
- Import a Certificate on a Client Device
- Use Certificates with HTTPS Proxy Content Inspection
- Certificate Portal
- SMTP-Proxy: STARTTLS Encryption
- Certificates for Branch Office VPN (BOVPN) Tunnel Authentication
- Certificates for Mobile VPN with IKEv2 Tunnel Authentication
- Certificates for Mobile VPN With IPSec Tunnel Authentication (Web UI)
- Certificates for Mobile VPN with IPSec Tunnel Authentication (WSM)
- Certificates for Mobile VPN with L2TP Tunnel Authentication
- Manage Certificates on the Management Server