In the Certificate Management section of the System Settings > Status page, you can generate a CSR file, import a web certificate, or manage the trusted CA certificates for Dimension. When you import a signed certificate, the private key must be included in the web server certificate. If you use a third-party Certificate Authority (CA) to generate your web server certificate, you must import the certificate to Dimension before you download .WGD files to manage your Fireboxes. You can also regenerate the default web server certificate when it expires.
Generate a Certificate
To generate a CSR file:
- Click Generate.
The Certificate Signing Request dialog box opens.
- Complete the necessary settings for the Certificate Signing Request.
You must specify the Common Name, Company Name, and Country to include in the CSR. All other fields are optional.
- Click Generate.
The CSR is generated.
Import a Web Server Certificate
When you import a web server certificate, Dimension verifies that the certificate is intended to be used for a web server. If the certificate is not intended to be used for a web server, Dimension will not import the certificate.
To import a web server certificate to Dimension:
- Click Import.
The Import Web Server Certificate dialog box opens.
- Select an option to import the certificate from a file or paste the certificate content.
- Select a file to import or paste the certificate content.
- Click OK.
Export the Web Server Certificate Trust Chain
You can export the Dimension web server certificate chain of trust so you can import it to your Firebox. This is useful if you import a new certificate to Dimension and must replace the Dimension certificate on a Firebox managed by dimension. You can export the updated certificate and import it to Fireboxes that are managed by Dimension, if you cannot export and import the WGD file to those Fireboxes. You can also import it to an RMA device.
To export the certificate trust chain:
- Click Export.
The Save As dialog box opens.
- Specify a location to save the .PEM file.
- Click Save.
Regenerate a Web Server Certificate
The Dimension default web server certificate automatically expires six months after it is generated. You can use the Default Certificate option to generate a new default web server certificate for Dimension.
If you have imported a third-party web server certificate to Dimension, you can also use the Default Certificate option to replace the third-party certificate you imported with a new, default, self-signed certificate generated by Dimension. When you restore a web server certificate, Dimension restarts and you must log in again.
- Click Regenerate.
Dimension generates a new default web server certificate. If you had imported a third-party web server certificate, it is deleted replaced by the newly generated default self-signed certificate. A confirmation dialog box opens.
- Accept the confirmation message.
The Dimension web server restarts and the Dimension Login page opens.
When you log in to Dimension again, the Default Certificate option is no longer available because Dimension no longer uses an expired certificate or a third-party certificate.
Manage Trusted CA Certificates
On the Trusted CA Certificates page, you can see all the trusted CA certificates available for your instance of Dimension. This includes the CA certificates for your email server (for email notifications), your Active Directory server (for authentication), and for device feedback.
You can import the CA certificates that Dimension uses to create a secure channel between Dimension and your email server or Dimension and your Active Directory server. If the certificates your email server or Active Directory server use are signed by a Certificate Authority that is not already trusted by Dimension, you must import the certificates into Dimension.
For more information about how to configure the email server settings for Dimension, see Configure Notification Settings for Dimension.
For more information about how to configure the Active Directory server settings for Dimension, see Manage Users and Groups.
You can view a current certificate, delete an imported certificate from the list, or import a new certificate.
When you view a certificate, you can see these details:
- Issuer — The Certificate Authority that generated the CA certificate
- Subject — The organization that can use the CA certificate
- Serial Number — The serial number associated with the CA certificate
- Valid From — The date and time the CA certificate is generated
- Valid To — The date and time range the CA certificate expires
To view or delete the CA certificates on Dimension:
- In the Certificate Management section, click Manage Trusted CA Certificates.
The Trusted CA Certificates page opens.
- To see the details of a certificate, select the certificate from the Trusted CA Certificates list and click View.
The View Certificate dialog box opens.
- To delete a certificate, select the certificate from the Trusted CA Certificates list and click Remove.
To import a new CA certificate:
- On the Trusted CA Certificate page, click Import.
The Import CA Certificate dialog box opens.
- Select the CA certificate file to import.
- Click OK.