Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
4 When I launch any of the Java components it gives me an error – what should I do?
: See the previous section. This occurs when the certificate is not trusted by the Web browser, or
the site name requested by the browser does not match the name embedded in the site certificate
presented by the SMA/SRA appliance during the SSL handshake process. This error can be safely ignored.
5 Do I have to purchase a SSL certificate?
: Although the level of encryption is not compromised, users accepting an untrusted certificate
introduces the risk of Man-in-the-Middle attacks. Dell SonicWALL recommends installing only trusted
certificates or installing the default self-signed certificate in all the clients.
6 What format is used for the digital certificates?
: X509v3.
7 Are wild card certificates supported?
: Yes.
8 What CA’s certificates can I use with the SMA/SRA appliance?
: Any CA certificate should work if the certificate is in X509v3 format, including Verisign,
Thawte, Baltimore, RSA, and so on.
9 Does the SMA/SRA appliance support chained certificates?
: Yes, it does. On the
System > Certificates
page, complete the following:
Under “Server Certificates,” click Import Certificate and upload the SSL server certificate and
key together in a .zip file. The certificate should be named ‘server.crt’. The private key should be
named ‘server.key’.
Under “Additional CA Certificates,” click
Import Certificate
and upload the intermediate CA
certificate(s). The certificate should be PEM encoded in a text file.
After uploading any intermediate CA certificates, the system should be restarted. The web server needs
to be restarted with the new certificate included in the CA certificate bundle.
10 Any other tips when I purchase the certificate for the SMA/SRA appliance?
: We recommend you purchase a multi-year certificate to avoid the hassle of renewing each year
(most people forget and when the certificate expires it can create an administrative nightmare). It is
also good practice to have all users that connect to the SMA/SRA appliance run Windows Update (also
known as Microsoft Update) and install the ‘Root Certificates’ update.
11 Can I use certificates generated from a Microsoft Certificate Server?
: Yes, but to avoid a browser warning, you should install the Microsoft CA’s root certificate into
all Web browsers that connect to the appliance.
12 Why can’t I import my new certificate and private key?
: Be sure that you upload a .zip file containing the PEM formatted private key file named
“server.key” and the PEM formatted certificate file named “server.crt.” The .zip file must have a flat
file structure (no directories) and contain only “server.key” and “server.crt” files. The key and the
certificate must also match, otherwise the import fails.