DPI-SSL Certificate Authority Update in SonicOS 7.2.0

Description

The current 2048-bit resigning certificate (dpi-ssl-2048-sha2.cer) is set to expire on Jan 15, 2026. A new certificate (dpi-ssl-2048-new2.cer) with an extended expiry of Feb 5, 2035 has been created. Both certificates share the same private key and attributes, except for the validity dates, ensuring backward compatibility.

Cause

The current 2048-bit resigning certificate (dpi-ssl-2048-sha2.cer) is set to expire on Jan 15, 2026.

NOTE: This KB is only targeted for customers who follow the DPI-SSL client default resigning ca. For customers who are using custom CA, they are not affected. 

  • Select and Download the SonicWall Client DPI-SSL CA certificate from the Client DPI-SSL page.
  • Installing the Default SonicWall DPI-SSL 2048 bit CA certificate NEW on the client Machine
  • Delete the Old DPI SSL Client Certificate from the Certificate store
  • Reboot the firewall.

 

Select and Download the SonicWall Client DPI-SSL CA certificate from the Client DPI-SSL page:

  1. Login to the firewall.
  2. Navigate to POLICY | DPI-SSL | Client SSL.
  3. Click the Certificate tab.
  4. Click the drop down menu and select the certificate "Default SonicWall DPI-SSL 2048 bit CA certificate NEW" that will be used for DPI-SSL and then click download.Image
  5. Click on download and it will download the Default SonicWall DPI-SSL 2048 bit CA certificate and then click on accept and reboot the firewall. Image

 

Installing the Default SonicWall DPI-SSL 2048 bit CA certificate NEW on the client Machine:

  1. Double click on the Certificate "Default SonicWall DPI-SSL 2048 bit CA certificate NEW" and click on Install CertificateImage
  2. Click on Local Machine and Then click on Next
    Image
  3. Select "Place all Certificates in the following store" and click on browse
    Image
  4. Select the folder "Trusted Root Certification Authorities" and click on "OK". Then click on "Next"
    Image
  5. Make sure that the store selected by the user content is Trusted Root Certification Authorities and once confirmed click finish.Image
  6. To make sure the NEW Certificate is installed go to Certificates  and look for Sonicwall Firewall DPI-SSL Certificate under Trusted Root Certification Authority that has an expiry date on 2/6/2035 as seen in the screenshot below:Image
  7. In Case if you have followed the KB: [[How to install the DPI-SSL certificate in modern browsers|171003152237302]] to install the certificate. Please make sure to delete the old certificate after installing the new certificate

 

Delete the Old DPI SSL Client Certificate from the Client Machine

  1. To open the Windows Certificate Manager, press Windows key + R, type certmgr.msc, and press Enter.
    Image
  2. Under the cert store go to Trusted root certificate and then under the folder Certificates look for the Sonicwall DPI SSL Certificate with the expiration date as Jan 15, 2026.
    Image
  3. Right Click on the certificate, select delete and confirm.
  4. Reboot the Endpoint to make sure it takes effect correctly.

Reboot the firewall.

  1. Navigate to Device | Settings | Restart .
  2. Click on Restart System
    Image

Related Articles

  • SonicOS 8.1.0 FAQ
    Read More
  • SonicWall GEN8 TZs and GEN8 NSas Settings Migration
    Read More
  • Getting started with SonicWall firewalls
    Read More

Categories

Firewalls
NSa Series
Firewalls
NSv Series
Firewalls
TZ Series
Firmware
not finding your answers?
Ask the Community