Install a certificate in SonicWall - Aventail VPN
Warning: SonicWall official documentation contains few mistakes.
- When importing the certificate as a zip, only put the server certificate in the server.crt file. In other words, rename the file cert-example.cer that we delivered to server.crt (contrary to what the documentation says, it only takes the first block into account).
- Import the intermediate certificate (not as a ZIP). To do so, use the chain-example.txt file that we delivered.
- Once the intermediate and the certificate are installed, tick the cas Enable the Apply (or Accept in the more recent versions). The appliance will restart to take the certificate into account.
Use of Keybot
If you used our Keybot tool in order to generate your CSR, you can also use it to create a pfx file containing your certificate, your private key and the certification chain.
- Start by generating your .pfx file as indicated on the Keybot page, section You choose private key storage. Then retrieve your .pfx file.
- Connect to Sonicwall go to System -
Certificates.
- Click on Import
- Select Import a local end-user certificate with private key
from a PCKS#12 (.p12 or .pfx) encoded file.Then select a certificate name and entre the .pfx certificate protection password. You can now click on Browser to import your .pfx file.
Disabling SSLv3, RC4, and 3DES
If you want to disable the obsolete protocol SSLv3 or the deprecated ciphers RC4 and 3DES, you can disble them via the SSL Settings - Configure SSL encryption menu and choose the following settings: