DPI-SSL and Let's Encrypt

nibyse

Hello everyone,

I have a customer who has multiple company on the office

All computers are not part of the active directory domain and will not

I'm not able to deploy DPI-SSL to all computers and they are many

I'm not finding how to install Let's Encrypt certificate to do so, do you have any information about the procedure to configure it ?

Thank's for advance

Have a nice day

MitatOnge

Helle @NIBYSE,

I don't think Sonicwall Firewall DPI-SSL Supports Lets Encrypt ssl.

First of all you don't have any chance for certificate installation with one click on all computer manually except additional software like Sonicwall Endpoint solution as Capture Client software.

There are several options.

1. batch file / powershell

Powershell Example:

Local poweshell command set:

PS C:\> Set-Location Cert:\LocalMachine\My\
PS Cert:\LocalMachine\My\> Import-Certificate -FilePath C:\Temp\Mycert.cer

Remote powershell command :

Invoke-Command -ComputerName  RemoteServer1 -ScriptBlock {Import-Certificate -FilePath C:\Temp\Mycert.cer -CertStoreLocation Cert:\LocalMachine\My\}

Batch File Example:

certutil.exe -addstore root c:\capublickey.cer

2) Via Sonicwall Capture Client

https://www.sonicwall.com/support/knowledge-base/how-do-i-add-a-ssl-certificate-in-the-capture-client/220509103523510/

MarkD

You cannot purchase a certificate for resigning through any CA.

You have the option of either the inbuilt 1024 or 2048 Bit SonicWALL signed cert or generating one from your own internal CA and deploying to the clients.

I believe the SonicWALL Issued CA is the Same on all devices -

Arkwright

I'm not able to deploy DPI-SSL to all computers and they are many

You need to make sure you are only applying DPI-SSL to the computers you are able to install the certificate on. In the scenario you have described, it is not possible to work around the issue by changing the type of certificate.

nibyse

Thank's everyone for your answers

I appreciate