Create certificates for NGFW Engines using external certificate management
After creating an NGFW Engine element, create a certificate request for each NGFW Engine node, export and sign the certificate request using the external CA, then import the signed certificate.
Before you begin
- Configuring Single Firewalls
- Configuring Firewall Clusters
- Configuring IPS engines
- Configuring Layer 2 Firewalls
- Master NGFW Engine and Virtual NGFW Engine configuration overviewNote: Only Master NGFW Engines communicate with the Management Server. It is not possible to configure certificate settings for Virtual NGFW Engines.
For more details about the product and how to configure features, click Help or press F1.
Steps
Result
Example
Option | Definition |
---|---|
Name | The name of the element. |
Organization (O) (Optional) |
The name of your organization as it appears in the certificate. |
Organization Unit (OU)
(Optional) |
The name of your department or division as it appears in the certificate. |
State/Province (ST)
(Optional) |
The name of state or province as it appears in the certificate. |
Locality (L)
(Optional) |
The name of the city as it appears in the certificate. |
Common Name (CN) | A common name that includes the name of the NGFW Engine element. |
Public Key Algorithm (Not editable) |
The algorithm used for the public key. Note: For NGFW Engine certificates, only the ECDSA public key algorithm is
supported.
|
Key Length | The length of the key in bits. Enter 521 or 384. |
Signature Algorithm (Not editable) |
Shows the signature algorithm according to the key length. |
Subject Alternative Name (DNS) | The name of the NGFW Engine node as a fully qualified domain name (FQDN). |