In this page you find:
The Certificates page allows the management of the certificates that are needed by the various OpenVPN server instances running on the Endian UTM Edge Appliance and is composed of three tabs: Certificates, Certificate Authority, and Revoked Certificates.
Here it is possible to manage all the certificates stored on the Endian UTM Edge Appliance. The table, initially empty, shows all certificates along with the following details, one per each column:
Serial. A unique number identifying the certificate.
Name. The name assigned to the certificate.
Subject. the collection of information that identify the certificate. itself. See the options below.
Expiration Date. The final date of validity of the certificate.
Actions. What can be done with the certificate:
- to show all its details.
- to download it in PEM format.
- to download it in PKCS12 format.
- to delete the private key associated to it.
- to delete it.
- to revoke the certificate.
Above the list, a link can be clicked to Add new certificate. Upon clicking, the page will be replaced by a form that allows to provide all data necessary to the generation of a new certificate.
At the bottom of the table, on the left-hand side there is a navigation widget, that allows to navigate among the various pages composing the table, if there are many certificates, whereas on the right-hand side there is a reload widget, used to refresh the list of certificates.
Three alternatives are available to store a new certificate on the Endian UTM Edge Appliance, selectable from this drop-down menu: Generate a new certificate, Upload a certificate, and Upload a Certificate signing request.
The first alternative allows to create a new certificate directly on the Endian UTM Edge Appliance, by providing the following information. The capital letters in parentheses show the field of the certificate that will be filled by the value supplied and form the Subject of the certificate.
Note
A Root Certificate Authority is needed to create certificates, so create the Root CA before creating certificates.
The common name (CN) of the certificate’s owner, i.e., the name with which the owner will be identified.
The e-mail address of the certificate’s owner.
The Organisation Unit (OU) to which the owner belongs to, i.e., the company, enterprise, or institution department identified with the certificate.
The organisation (O) to which the owner belongs to.
The city (L) in which the organisation is located.
The state or province (ST) in which the organisation is located.
The Country (C) in which the organisation is located, chosen from those in the selection menu. By typing one or more letters, matching countries are searched for and displayed.
An alternate name for the subject, i.e., the certificate.
The type of the certificate, chosen between Client and Server from the drop-down menu.
The number of days before the certificate expires.
The password for the certificate, if needed.
Type once more the certificate’s password for confirmation.
The next alternative is to upload an existing certificate from the local workstation to the Endian UTM Edge Appliance.
By clicking on the Browse button or on the textfield, a file chooser will open, in which to supply the path to the certificate to be uploaded.
The password for the certificate, if needed.
The third alternative is to upload a CSR from the local workstation to the Endian UTM Edge Appliance, i.e., an encrypted text file containing all necessary information to generate a new certificate, recognised by the server.
By clicking on the Browse button or on the textfield, a file chooser will open, in which to supply the path to the CSR to be uploaded.
How many days shall the certificate be valid.
This page allows to manage the CA, which are necessary for the correct working of an OpenVPN encrypted connection. There are two ways to add a CA: Either by clicking on the link above the table of already existent certificates to generate a new certificate, or by uploading one using the widgets below the table.
The table, once populated, shows the same information as in the Certificates tab, with the only difference in the Actions available, which are:
- to show all CA details.
- to download it in PEM format.
- to delete the certificate.
To upload a certificate, supply the following information:
The name of the Authority who created the certificate.
By clicking on the Browse button or on the textfield, a file chooser will open, in which to supply the path to the certificate to be uploaded.
Clicking on the Upload CA certificate will start the upload process.
This procedure can be applied only once and will generate two certificates: A root certificate authority and a host certificate, with the latter that shall appear in the lint shown in the Certificates tab. When clicking on the link, a form will replace the list, in which to supply the following data, that will be used in the new root and host certificates.
Note
The only way to generate a new root certificate is to delete the existing one.
The name of the system, that will be used as the certificate’s Common Name.
The e-mail address of the system’s owner or responsible.
The Organisation Unit (OU) to which the system belongs to.
The organisation (O) to which the system belongs to.
The city (L) in which the organisation is located.
The state or province (ST) in which the organisation is located.
The Country (C) in which the organisation is located, chosen from those in the selection menu. By typing one or more letters, matching countries are searched for and displayed.
An alternate name for the subject, i.e., the certificate.
The number of days before the certificate expires.
The certificates that have been revoked are listed in the table, that show the serial number and the subject of the certificate.
A click on this link will allow to download the on a local workstation the Certificate Revocation List.
In this page can be managed all the Certificate Revocation lists that have been uploaded.
The table shows all the Certificate Revocation Lists that have been uploaded and for each item in the table are show the name of the certificate, the issuer, and the issued date. Available actions are:
- display the certificate details
- download the certificate on the local workstation.