Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

DPI-SSL and Let's Encrypt

Hello everyone,

I have a customer who has multiple company on the office

All computers are not part of the active directory domain and will not

I'm not able to deploy DPI-SSL to all computers and they are many

I'm not finding how to install Let's Encrypt certificate to do so, do you have any information about the procedure to configure it ?

Thank's for advance

Have a nice day

Category: High End Firewalls
Reply

Best Answers

  • CORRECT ANSWER
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭
    Answer ✓

    Helle @NIBYSE,

    I don't think Sonicwall Firewall DPI-SSL Supports Lets Encrypt ssl.

    First of all you don't have any chance for certificate installation with one click on all computer manually except additional software like Sonicwall Endpoint solution as Capture Client software.

    There are several options.

    1. batch file / powershell

    Powershell Example:

    Local poweshell command set:

    PS C:\> Set-Location Cert:\LocalMachine\My\
    PS Cert:\LocalMachine\My\> Import-Certificate -FilePath C:\Temp\Mycert.cer
    

    Remote powershell command :

    Invoke-Command -ComputerName  RemoteServer1 -ScriptBlock {Import-Certificate -FilePath C:\Temp\Mycert.cer -CertStoreLocation Cert:\LocalMachine\My\}
    

    Batch File Example:

    certutil.exe -addstore root c:\capublickey.cer
    
    

    2) Via Sonicwall Capture Client

  • CORRECT ANSWER
    MarkDMarkD Cybersecurity Overlord ✭✭✭
    Answer ✓

    You cannot purchase a certificate for resigning through any CA.

    You have the option of either the inbuilt 1024 or 2048 Bit SonicWALL signed cert or generating one from your own internal CA and deploying to the clients.

    I believe the SonicWALL Issued CA is the Same on all devices -

  • CORRECT ANSWER
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    Answer ✓

    I'm not able to deploy DPI-SSL to all computers and they are many

    You need to make sure you are only applying DPI-SSL to the computers you are able to install the certificate on. In the scenario you have described, it is not possible to work around the issue by changing the type of certificate.

Answers

  • nibysenibyse Newbie ✭

    Thank's everyone for your answers

    I appreciate

Sign In or Register to comment.