Appendix C: Certificate Management

C.1. Certificate Requests

Some security features in cOS Core require the use of X.509 certificates. For instance, this is one of the ways of securely setting up VPN tunnels based on IPsec.

One of the ways to receive certificates from a Certification Authority (CA) is to send the CA a certificate request and InControl provides a feature to generate these requests. The certificate received can also be imported and deployed to the firewall through InControl.

The sequence of steps for certificate requests is:

A. Create a certificate request.
B. Export the request file and send it to the CA.
C. Import the certificate file sent back by the CA.

These steps will now be described in detail:

A. Create a certificate request.

To do this, select: Objects > General > Key Ring > Add > Certificate.

The new certificate dialog will open. Under the Type tab, select Certificate Request (CSR).

Now go through the dialog tabs as follows:

  • Under the Algorithm tab, specify the public key algorithm.
  • Under the Common tab, specify the subject-name parameters.
  • Under the Alternative Names tab, specify the subject-alt-name parameters.
  • Under the Create tab, select Start Operation.

The certificate object is now created and a summary of its contents is displayed. Note that the validity date will be decided by the CA.

The request file for the certificate still needs to be created and this is the next step.

B. Export the request file and send it to the CA.

To export the request, select the Export option.

A file chooser will appear allowing the name of the request file to be specified. The filetype should be left as .req.

A dialog will appear to ask if the private key should be included. Answer No. The private key (filetype .key) must not be exported with the request: the CA only needs the public key and the subject information contained in the request, and the private key should never be transmitted to third parties.

The request file is now written to disk with a filetype of .req.

Press the OK button for this Certificate object to save it in the cOS Core configuration as a request, so it can be completed later when the signed certificate is received from the CA.

This request file can now be emailed to the CA for issuance of the signed certificate.

C. Import the certificate file sent back by the CA.

The CA will send back the signed server certificate (gateway certificate) which consists of a single file with a filetype of .cer.

Now, import the certificate file into InControl by choosing the Import option.

A file chooser will open allowing the .cer file to be selected.

The certificate is now imported into cOS Core and available for use.
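Two checks are worth making around steps B and C: before the .req file is sent, that it verifies and names the gateway as intended; and after the .cer file comes back, that it was issued for the same key pair as the request and chains to the CA. The script below is an added example using the OpenSSL command line; it is not part of InControl or cOS Core. It assumes the exported .req is a PEM-encoded PKCS#10 request (the usual format), generates a throwaway key and request in place of the InControl export, and stands in for the CA with a self-signed test CA so that the whole cycle runs offline. The gateway name vpn-gw.example.com, the address 203.0.113.10 and the file names are constructed sample values.

```shell
#!/bin/sh
# Added example, not InControl or cOS Core code. Requires the OpenSSL CLI
# (1.1.1 or later, for -addext) on PATH. All names and addresses are sample values.
set -eu

# Stand-in for steps A and B: a throwaway key and request in a temp directory.
make_sample_request() {
  workdir=$(mktemp -d)
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$workdir/gateway.key" -out "$workdir/gateway.req" \
    -subj "/C=SE/O=Example Corp/CN=vpn-gw.example.com" \
    -addext "subjectAltName=DNS:vpn-gw.example.com,IP:203.0.113.10" \
    >/dev/null 2>&1
  printf '%s\n' "$workdir"
}

# Before sending: the request's self-signature must verify (nothing was
# corrupted in export) and the subject CN and SAN must name the gateway.
check_request() {
  req=$1; expected_cn=$2
  openssl req -in "$req" -noout -verify >/dev/null 2>&1 || return 1
  openssl req -in "$req" -noout -subject | grep -q "CN *= *$expected_cn" || return 1
  openssl req -in "$req" -noout -text | grep -q "DNS:$expected_cn" || return 1
  return 0
}

# Print the public key carried by a private key, a request or a certificate.
extract_pubkey() {
  kind=$1; file=$2
  if [ "$kind" = key ]; then
    openssl pkey -in "$file" -pubout
  elif [ "$kind" = req ]; then
    openssl req -in "$file" -noout -pubkey
  else
    openssl x509 -in "$file" -noout -pubkey
  fi
}

# SHA-256 fingerprint of the public key, so artefacts can be compared
# without ever handling the private key material directly.
pubkey_fp() {
  extract_pubkey "$1" "$2" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when two artefacts (key/req/cert) carry the same public key.
same_key() {
  [ "$(pubkey_fp "$1" "$2")" = "$(pubkey_fp "$3" "$4")" ]
}

# Stand-in for the CA in step C: a self-signed test CA signs the request.
# The SAN is re-stated in an extension file because 'openssl x509 -req'
# does not copy extensions from the request by default.
sign_with_test_ca() {
  cadir=$1
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1 \
    -keyout "$cadir/ca.key" -out "$cadir/ca.cer" -subj "/CN=Example Test CA" \
    >/dev/null 2>&1
  printf 'subjectAltName=DNS:vpn-gw.example.com,IP:203.0.113.10\n' > "$cadir/san.ext"
  openssl x509 -req -in "$cadir/gateway.req" -CA "$cadir/ca.cer" -CAkey "$cadir/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$cadir/san.ext" \
    -out "$cadir/gateway.cer" >/dev/null 2>&1
}

# After receiving the .cer: it must belong to the key pair behind the request,
# chain to the issuing CA, and still carry the gateway's SAN.
check_certificate() {
  chkdir=$1
  same_key key "$chkdir/gateway.key" req "$chkdir/gateway.req" || return 1
  same_key req "$chkdir/gateway.req" cert "$chkdir/gateway.cer" || return 1
  openssl verify -CAfile "$chkdir/ca.cer" "$chkdir/gateway.cer" >/dev/null 2>&1 || return 1
  openssl x509 -in "$chkdir/gateway.cer" -noout -text | grep -q "DNS:vpn-gw.example.com" || return 1
  return 0
}

demo() {
  work=$(make_sample_request)
  if check_request "$work/gateway.req" vpn-gw.example.com; then
    echo "request OK: safe to send to the CA"
  else
    echo "request FAILED checks: do not send"
  fi
  sign_with_test_ca "$work"
  if check_certificate "$work"; then
    echo "certificate OK: matches our key and chains to the CA"
  else
    echo "certificate FAILED checks: do not import"
  fi
  rm -rf "$work"
}
demo
```

The key comparison is the check that matters most in practice: a certificate that verifies and looks right but was issued for a different request (a mix-up on the CA side, or a stale .req re-sent by mistake) will import cleanly yet never complete an IPsec negotiation, because the firewall holds a private key that does not correspond to it.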

Using an Internal CA

A certificate request can be sent to an internal CA server instead of an external CA. The Windows Server™ series includes an internal CA role (Active Directory Certificate Services) in many versions, and this can be used to issue a certificate from the exported request file.