Setting Up FirePass Server Security
FirePass
™
Server Administrator Guide
3 - 29
Setting up certificates
A valid server certificate is very important in establishing a transparent
HTTPS connection. The browser running on the user’s computer checks the
certificate against its built-in list of Certificate Authorities and verifies that it
has not expired and that the name in the certificate matches the FirePass
server’s DNS name. If there is an error or a mismatch, some browsers
display security warnings; other browsers, notably wireless ones, may refuse
a connection.
If the FirePass server is a pilot deployment, it comes with a preinstalled
server certificate that contains a server-name.FP.com URL. If not, the
FirePass server now comes pre-configured with a default SSL server digital
certificate of firepass.company.xyz, signed by a FirePass root Certificate
Authority. This certificate may be used for initial FirePass server
configuration, testing, and licensing, but must not be used in a production
FirePass server. You receive warning messages from your web browser
when using this default certificate, indicating that the certificate signing
authority is unknown and that the certificate name does not match that of
your server.
Generating a new certificate request
When you deploy the FirePass server into production, you must purchase
and install a digital certificate matching the FirePass server’s configured
host name. You can use the FirePass Administrative Console to generate a
request to a Certificate Authority for a valid certificate. (See Generating a
server certificate request, on page 3-30.)
Installing a new certificate
You can change the FirePass server name to one that is appropriate for your
site, and then generate and install a new server certificate that uses the new
server name. It is important to keep your server certificate valid by renewing
it as necessary, usually every year. You can check the expiration date of the
server certificate on the Certificates panel. (See Installing or renewing a
server certificate, on page 3-31.)
Using certificates to authenticate client computers
You can also install an optional client root certificate and optional certificate
revocation list (CRL), and configure the FirePass server to validate client
certificates installed at each user’s computer. You can use the client
certificates as part of a two-factor authentication system, or to limit access to
particular FirePass server Webifyers. (See Using client certificates to
authenticate a user’s computer, on page 3-31.)
Содержание FirePass
Страница 1: ...FirePassTM Server Administrator Guide version 4 0 MAN 0081 00 ...
Страница 2: ......
Страница 4: ...ii ...
Страница 5: ...Table of Contents ...
Страница 6: ......
Страница 12: ......
Страница 18: ...Chapter 1 1 6 ...
Страница 20: ......
Страница 44: ...Chapter 2 2 24 ...
Страница 46: ......
Страница 82: ...Chapter 3 3 36 ...
Страница 84: ......
Страница 124: ......
Страница 156: ...Chapter 5 5 32 ...
Страница 158: ......
Страница 168: ......
Страница 177: ...Index ...
Страница 178: ......