Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system.
To install SSL certificate on SonicWall SSL VPN Appliance, perform the following steps.
Step 1: Downloading your SSL Certificate & its Intermediate CA certificate:
- If you had the option of server type during enrollment and selected Other you will receive a x509/.cer/.crt/.pem version of your certificate within the email. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the x509 version of your certificate.
- Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer Ensure there are no white spaces, extra line breaks or additional characters.
- Use a plain text editor such as Notepad, paste the content of the certificate and save this file with the name of Server.crt
- If your intermediate CA certificate for your product is not in the body of the email you can access your Intermediate CA also in a link within that email. Copy and paste the contents of your Intermediate CA into its own Notepad file and save it with a any name with a .crt extension.
Note: Some CAs may require two intermediates for best compatibility. These two are to be copied within their own corresponding .crt files and installed one at a time in a repeated process for intermediate installation.
Step 2: Creating a .zip file:
- Create a new folder by right clicking on your desktop and specify a name of your choice.
- Locate the extracted .zip folder that contains the private key(server.key) file back from CSR creation and import it into this new folder.
- Take your SSL certificate (Server.crt) file created in Step 1 and move it into this new folder.
- Right click this new folder with both Server.crt and Server.key files within it and Send to > Compressed (zipped) folder.
Note: Any filename will be accepted, but it must have the “.zip” extension. The zipped file should contain a certificate file named Server.crt and a certificate key file named Server.key.
Step 3: Installing your SSL certificate:
- Log in to the SonicWall appliance.
- Navigate to System > Certificates.
- Click Import Certificate.
- Click Browse.
- Locate your .zip file you created in, and then click Open.
- Enter the private key password of the Server.key file.
Note: The password of this server.key file was created during CSR creation. It is Not Optional.
- Click Upload.
Once the certificate has been uploaded, the certificate will be displayed in the Certificates list in the System > Certificates page.
Step 4: Importing your Intermediate CA certificate:
- In the SonicWall console navigate to System > Certificates.
- Click Import CA Certificate.
- An Import Certificate dialog box will be displayed.
- Click Browse.
- Locate to the file name and path of the intermediate CA file you saved in Step 1 of these instructions.
- Click Upload.
Note: Once the certificate has been uploaded, the CA certificate will be displayed in the Additional CA Certificates list in the System > Certificates.
Step 5: Configuring your changes.
- Within the SonicWall VPN console navigate to System > Certificates
- Select your new certificate you want activated.
- Click Apply.
Note: Typically you will be prompted to restart the SonicWall system. If you do not receive a restart prompt then expand the system navigation to the left of the console and click Restart.
Your SSL Certificate is now installed, and the website is now configured.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.
SonicWall Support
For more information refer to SonicWall.