• SonicOS 7.1
• About SonicOS
  • Working with SonicOS
  • SonicOS Workflow
  • How to Use the SonicOS Administration Guides
  • Guide Conventions
• About Device Settings
• Managing SonicWall Licenses
  • Licenses
  • Managing Security Services
    • Services Summary
    • Managing Security Services Online
      • Managing Services from SonicOS Management Interface
      • Synchronizing Changes
    • Manual Upgrade for Closed Environments
  • Registering Your SonicWall Appliance
  • Activating the Gateway Anti-Virus, Anti-Spyware, and IPS License
  • Activating FREE TRIALs
• System Administration
  • Configuring the Firewall Name
  • Enabling Wireless LAN and IPv6
  • Changing the Administrator Name and Password
  • Configuring Login Security
    • Configuring Password Compliance
    • Configuring Login Constraints
  • Multiple Administrators Support
    • Working of Multiple Administrators Support
      • Configuration Modes
      • User Groups
      • Priority for Preempting Administrators
      • GMS and Multiple Administrator Support
    • Configuring Multiple Administrator Access
  • Enabling Enhanced Audit Logging Support
  • Configuring the Wireless LAN Controller
  • Enabling SonicOS API and Configuring Authentication Methods
  • Enabling GMS Management
  • Configuring the Management Interface
    • Managing through HTTP/HTTPS
    • Selecting a Security Certificate
    • Controlling the Management Interface Tables
    • Enforcing TLS Version
    • Switching Configuration Modes
    • Deleting Browser Cookies
    • Configuring SSH Management
  • Client Certificate Verification
    • About Common Access Card
    • Configuring Client Certificate Verification
    • Using the Client Certificate Check
    • Checking Certificate Expiration
    • Troubleshooting User Lock Out
  • Selecting a Language
• Configuring Time Settings
  • Setting System Time
  • Configuring NTP Settings
    • Using a Custom NTP Server for Updating the Firewall Clock
    • Adding an NTP Server
    • Editing an NTP Server Entry
    • Deleting NTP Server Entry
• Managing Certificates
  • About Digital Certificates
  • About the Certificates Table
  • About Certificate Details
  • Importing Certificates
    • Importing a Local Certificate
    • Importing a Certificate Authority Certificate
    • Creating a PKCS-12 Formatted Certificate File (Linux Systems Only)
  • Deleting Certificates
  • Generating a Certificate Signing Request
  • Configuring Simple Certificate Enrollment Protocol
• Administering SNMP
  • About SNMP
  • Setting Up SNMP Access
    • Enabling and Configuring SNMP Access
      • Configuring Basic Functionality
      • Configuring SNMPv3 Engine IDs
      • Configuring Object IDs for SNMPv3 Views
    • Setting Up SNMPv3 Groups and Access
      • Creating Groups and Adding Users and Access
        • Creating a Group
        • Adding Access
        • Adding Users
  • Configuring SNMP as a Service and Adding Rules
• Firmware Settings
  • Firmware Management and Backup
    • Firmware Management & Backup Tables
      • Local Table
      • Cloud Table
      • Show Configuration Files Table
    • Searching the Table
  • Creating a Backup Firmware Image
    • Creating a Local Backup Firmware Image
    • Creating a Cloud Backup Firmware Image
    • Scheduling Firmware Image Backups
      • Scheduling a One-Time Backup
      • Scheduling Recurring Backups
      • Deleting Scheduled Backups
  • Updating Firmware
    • Updating Firmware Manually
    • Firmware Auto Update
    • Using SafeMode to Upgrade Firmware
  • Importing and Exporting Settings
    • Importing Settings
    • Exporting Settings
  • Configuring Firmware and Backup Settings
    • Send Settings or Reports by FTP
    • Sending Diagnostic Reports to Technical Support
    • Boot Settings
    • One-Touch Configuration Overrides
    • Enabling FIPS Mode
    • Enabling NDPP mode
• Storage
  • Storage Overview Tab
    • Diagnostics Data
    • Configuration Backup
    • System Logs
    • Threat Logs
    • Packet Captures
    • Logs (Legacy)
• Restarting the System
• SonicWall Support
  • About This Document

Generating a Certificate Signing Request

You should create a Certificate Policy to be used in conjunction with local certificates. A Certificate Policy determines the authentication requirements and the authority limits required for the validation of a certificate.

To generate a certificate signing request

1. Navigate to Device | Settings > Certificates.

2. Click New Signing Request. The Certificate dialog is displayed.

   

3. Enter an alias name for the certificate in the Certificate Alias field.

4. Create a Distinguished Name (DN) using the drop-down menus shown in table below, then enter information for the certificate in the associated fields.

   For each DN, you can select your country from the associated drop-down menu; for all other components, enter the information in the associated field.

   Drop-down menu	Select appropriate information
   Country	Country (default) State Locality or County Company or Organization
   State	Country State (default) Locality, City, or County Company or Organization Department
   Locality, City, or County	Locality, City, or County (default) Company or Organization Department Group Team
   Company or Organization	Company or Organization (default) Department Group Team Common Name Serial Number E-Mail Address
   Department	Department (default) Group Team Common Name Serial Number E-Mail Address
   Group	Group (default) Team Common Name Serial Number E-Mail Address
   Team	Team (default) Common Name Serial Number E-Mail Address
   Common Name	Common Name (default) Serial Number E-Mail Address

   As you enter information for the components, the Distinguished Name (DN) is created in the Subject Distinguished Name field.

   

5. Optionally, you can also attach a SUBJECT ALTERNATIVE NAME to the certificate after selecting the type from the drop-down menu:

   • Domain Name

   • Email Address

   • IPv4 Address

6. Select a signature algorithm from the Signature Algorithm drop-down menu:

   • SHA1 (default)
   • MD5

   • SHA256

   • SHA384

   • SHA512

7. Select a subject key type from the Subject Key Type drop-down menu:

   RSA (default)	A public key cryptographic algorithm used for encrypting data,
   ECDSA	Encrypts data using the Elliptic Curve Digital Signature Algorithm, which has a high strength-per-key-bit security.

8. Select a subject key size or curve from the Subject Key Size/Curve drop-down menu.

   Not all key sizes or curves are supported by a Certificate Authority, therefore, you should check with your CA for supported key sizes.

   If you selected a Key Type of

   RSA, select a key size	ECDSA, select a curve
   1024 bits (default)	prime256vi: X9.62.SECG curve over a 256 bit prime field (default)
   1536 bits	secp384r1: NIST/SECG curve over a 384 bit prime field
   2048 bits	secp521r1: NIST/SECG curve over a 521 bit prime field
   4096 bits

9. Click Generate to create a certificate signing request file.

When the Certificate Signing Request is generated, a message describing the result is displayed and a new entry appears in the Certificates table with the type Pending request.



10. Click the Export icon. The Export Certificate Request dialog is displayed.

    

11. Click the Export icon to download the file to your computer. An Opening <certificate> dialog displays.

12. Click OK to save the file to a directory on your computer.

    You have generated the Certificate Request that you can send to your Certificate Authority for validation.

13. Click the Upload icon to upload the signed certificate for a signing request. The Upload Certificate dialog is displayed.

    

14. Click Choose File to select a file.
15. Select the file and click Open.
16. Click UPLOAD.