IMPORTANT
SNS 3.x versions reached End of Maintenance on July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Adding a user certificate
In the configuration wizard, enter the information relating to the user for whom you are creating a certificate.
Creating a user certificate
- Click on Add and select Add a user certificate.
- Enter a Name (CN) (mandatory).
  This is a name that will help you identify the user, and is restricted to 64 characters.
- Enter an ID (optional).
  Here, you can add a shortcut to your Name (CN), which will be useful for command lines (e.g., if the CN is a first name+last name pair, the identifier may match the initials of the CN).
- Enter the E-mail address (mandatory) of the user for whom you are creating a certificate.
- Click on Next.
- Select the Certification authority (CA) that will sign the certificate.
- Enter the CA password.
  The attributes of the authority will be added automatically and can be found in the user certificate.
- Click on Next.
- Where necessary, change the duration of the certificate's Validity (days).
  The recommended value is 365 days (suggested by default).
- The Key size (bits) of the certificate can also be changed.
  Even though large keys are more effective, you are advised against using them with entry-level appliances as this will mean the key will take a long time to be generated.
- If a user that was declared in the LDAP directory indicates the same e-mail address as the one given in step 4, this certificate can be automatically associated with the user.
  However, this can only be done if the authority used to generate the certificate is the firewall's default authority. In this case:
  - Select Publish this certificate in the LDAP directory.
  - Enter the password that will protect the PKCS#12 container of the certificate.
- Click on Next.
  You will be shown a summary of the information you entered.
- Click on Finish.
  The certificate will automatically be added to the tree of authorities and certificates defined on the firewall, under its parent authority.
Displaying certificate details
Click once on the certificate to display its detailed information on the right side of the screen:
“Details” tab
Information about the certificate is shown in four windows:
- The duration of its Validity: when the certificate was issued and when it expires,
- Its recipient (Issued for),
- Its Issuer: the parent authority,
- Its Fingerprints: serial number of the certificate, encryption and signature algorithms used, etc.
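The same fields can be checked outside the web interface. The script below is an added example, not Stormshield code: it uses openssl to build a throwaway CA and a user certificate with the wizard's fields (CN, e-mail address, validity, key size, PKCS#12 password), then prints the values listed under the "Details" tab. The CA, names, password and paths are constructed for the demonstration, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: throwaway CA and user certificate that mirror the wizard fields.
# Every name, password and path below is constructed for the demonstration.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
CN="Jane Doe"                  # Name (CN), restricted to 64 characters
EMAIL="jane.doe@example.test"  # E-mail address (mandatory)
DAYS=365                       # Validity (days), the suggested default
BITS=2048                      # Key size (bits)
P12_PASS="demo-p12-password"   # protects the PKCS#12 container

check_cn() {  # succeeds only if the CN fits the 64-character limit
    [ "${#1}" -le 64 ]
}

make_user_p12() {
    check_cn "$CN" || { echo "CN longer than 64 characters" >&2; return 1; }
    # Demo CA standing in for the authority that signs the certificate
    openssl req -x509 -newkey rsa:"$BITS" -nodes -days 3650 -subj "/CN=Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    # User key and signing request carrying the CN and the e-mail address
    openssl req -new -newkey rsa:"$BITS" -nodes \
        -subj "/CN=$CN/emailAddress=$EMAIL" \
        -keyout "$WORK/user.key" -out "$WORK/user.csr" 2>/dev/null
    # The CA signs the request for the chosen validity period
    openssl x509 -req -in "$WORK/user.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days "$DAYS" -out "$WORK/user.crt" 2>/dev/null
    # Password-protected PKCS#12 container: certificate, private key and CA
    openssl pkcs12 -export -inkey "$WORK/user.key" -in "$WORK/user.crt" \
        -certfile "$WORK/ca.crt" -passout "pass:$P12_PASS" -out "$WORK/user.p12"
}

cert_details() {  # $1 = container password; prints the "Details" tab fields
    openssl pkcs12 -in "$WORK/user.p12" -passin "pass:$1" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -subject -issuer -dates -serial -fingerprint -sha256
}

expires_within() {  # succeeds if the user certificate expires within $1 days
    ! openssl x509 -in "$WORK/user.crt" -noout -checkend "$(( $1 * 86400 ))" >/dev/null
}

make_user_p12
cert_details "$P12_PASS"
```

`cert_details` fails when the container password is wrong, and `expires_within` can be used to flag certificates that are close to the end of their validity.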
Publishing a certificate in the LDAP directory
If a user that was declared in the LDAP directory indicates the same e-mail address as the one given for a user certificate, this certificate can be associated with the user, if you did not already do so while you were creating it.
Do note that this can only be done if the authority used to generate this certificate is the firewall's default authority.
In this case:
- Select the relevant certificate by clicking once.
- Click on the Actions menu.
- Select LDAP publication.
- In the pop-up window that appears, enter the password that will protect the PKCS#12 container of the certificate.
- Click on Publish certificate.