Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

TZ-215: SSL cert process doesnt accept zip files?

MeloramaMelorama Newbie ✭
in SSL VPN

I'm trying to install a Namecheap SSL cert on my TZ-215 (SonicOS Enhanced 5.9.2.7-5o, SonicROM 5.0.5.6), but every single instruction procedure for this process I've found mentions that the "Generate CSR" (which is labeled "New Signing Request" on my TZ-215) process should result in a zip file containing two files, "server.csr" & "server.key".

However, on my TZ-215, the only thing that is downloaded is a single ".p10" file (no zip file and no separate "server.*" files) , the contents of which I paste into the CSR field to generate my SSL cert in my Namecheap dashboard.

That part of the process works fine.

But when it comes to importing the cert into the TZ-215, I'm stuck at the point where you're supposed to create a new zip file containing the .crt file and the "server.key" file, then import that zip file into the "Import Certificate" dialog (simply called "Import…" on my TZ-215). Not only do I not have a "server.key" file, but neither option in the "Import Certificate" dialog allows for the uploading of a zip file to begin with:

Screenshot on 2021-02-24 at 13-01-52.png


The zip file import issue notwithstanding, my first problem is the fact that the CSR dialog did not give me the server.csr & server.key files to begin with, and only outputs the .p10 file for the cert generation process on Namecheap.

Is there something I'm missing here?

Category: SSL VPN
Reply

Answers

  • SaravananSaravanan Moderator

    Hi @MELORAMA,

    Thank you for visiting SonicWall Community.

    There are two methods by which certificates can be imported on the SonicWall appliance.

    When you create a CSR on the SonicWall, you should get only file with .p10 extension. You will submit the CSR to the certificate authority like GoDaddy or VeriSign and get the valid certificate in a zip file containing a certificate bundle with no server key file. The certificate bundle contains the local certificate, root certificate and intermediate certificate files respectively. This type of certificate import doesn't require key file to be separately imported on the SonicWall as the CSR is generated on the firewall itself, so private key is already built-in the firewall.

    Please refer below KB article for this method of certificate purchase and import.

    https://www.sonicwall.com/support/knowledge-base/how-to-request-and-import-a-signed-certificate-from-thawte/170505769323600/

    If you are looking to import both the local certificate and server key file on the SonicWall, then no need to create any CSR from the firewall. You can directly purchase a certificate from vendors along with a server key file and get it imported on the firewall choosing the radio option "Import a local end-user certificate with private key from a PKCS#12 (.p12 or .pfx) encoded file".

    Untitled.jpg

    Hope this helps.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.