2.2.4. Server Certificate and Intermediate CA Certificate Settings

For server certificate setting procedure, please refer to the followings.
For object name setting, please refer to Suggestions for object name creation.

2.2.4.1. Importing certificate

In the default status, any server certificate is not installed and no relating settings are made. Please install and configure a suitable one for your environment.
  1. Right-click your WAF device name on the summary screen of the Device Control, and click [ Import Certificate ].

    WAF device
  2. From the pull-down list of Type, select a relevant certificate type which you intend to upload.

    import certificate
  3. Select a file by clicking the [ ref. ] button. If a password has been set, enter the certificate password into the Password space. Then, click [ Upload to Device ]. When the certificate is successfully uploaded, the message "Upload succeeded." appears.

    upload to device

    Note

    Server Certificate

    certificate
    Please use either .cer, .crt or (none) for certificate file's identifier. A certificate identifier used for device control will be made with the certificate file name excluding dot (.) automatically. So, please make sure to use a filename which will be properly identified.
    Any file which have the same identifier as that of the existing uploaded certificate cannot be imported. If you want to change, please delete the existing one first then retry to import the new one.
    Please use either .key or .pem for key file's identifier.

    PKCS12 Certificate

    pkcs12 certificate
    A file's identifier should be either .pfx, .p12 or (none). A certificate identifier used for device control will be made with the certificate file name excluding dot (.) automatically. So, please make sure to use a filename which will be properly identified.
    Any file which have the same identifier as that of the existing uploaded certificate cannot be imported. If you want to change, please delete the existing one first then retry to import the new one. Password must be entered.

    Intermediate CA Certificate

    intermediate ca
    Please use either .cer, .crt or (none) for intermediate CA certificate file's identifier.
    A certificate identifier used for device control will be "Intercept_number" that will be provided in uploading order. Please remind that this cannot be changed and be careful when handle multiple intermediate CA certificate.

2.2.4.2. Confirming uploaded certificates

All uploaded certificates are available for confirming at the [ Certificates ] section of the WAF Device Control.
Both of server certificates and PKCS12 certificates will be sorted to [ CA ].
uploaded ca

Name shows the file name of the certificate, which was used for importing, excluding dot (.) automatically. This cannot be changed after importing.

Intermediate CA certificates will be sorted to [ Intermediate CA ].
uploaded intermedeated ca

Name shows each file's name that will be provided in uploading order like "Intercept_number". This is not changeable.

Intermediate CA certificate requires group creation to be used from server policies. Please refer to Setting up Intermediate CA Group .

2.2.4.3. Changing certificate

The executable action for a certificate is deleting only.
Select a certificate which you want to delete from the CA or Intermediate CA group.
If the selected file is an intermediate CA certificate, delete the relevant group first before deleting the certificate.

For deleting an item, a confirmation message will be shown. Click [ OK ] to delete.

Confirm Delete Object


Click [ Save Change ] to apply the settings to your device.

Save Config


2.2.4.4. Setting up Intermediate CA Group

With the following steps, set up Intermediate CA Group .

2.2.4.4.1. Intermediate CA Group default value

In the default status, any server certificate is not installed and no relating settings are made.
Please install and configure a suitable one for your environment.

2.2.4.4.2. Intermediate CA Group setting items

The following items are required for Intermediate CA Group settings.

Item

Value

Description

Name

(half-width alphanumeric)

Enter a group name.
2-byte character such as Japanese and symbols shown below are not accepted.
< > ( ) # ' " or space/blank
Members

(the uploaded intermediate CA certificate)

Add the intermediate CA certificate uploaded in advance.
Even when the number of the intermediate CA certificates that you intend to use is one, it is necessary to create a group for being used from server policies.

2.2.4.4.3. Adding Intermediate CA Group

  1. Click [ |rp_left_selection| ] from the object screen shown at the left-side of the screen.
    Object ‣ Certificates ‣ Intermediate CA Group

    Click [ Add ] from the Intermediate CA Group section shown at the right-side of the screen.

    Click Add


  1. Enter the setting value and click [ Save ].
    For the details of the setting items, please refer to Intermediate CA Group setting items .

    Save Object


  1. Click [ Save Change ] to apply the settings to your device.

    Save Config


2.2.4.4.3.1. Intermediate CA Group modification: (edit/copy/delete)

  1. Click [ |rp_left_selection| ] from the object screen shown at the left-side of the screen.
    Object ‣ Certificates ‣ Intermediate CA Group

    Select an edit target line at the section of Intermediate CA Group shown at the right-side of the screen, and click the relevant action button.

    Click Change


    The table below shows descriptions of each button used Intermediate CA Group .

    Button

    Description

    Edit

    This button allows you to edit members of Intermediate CA Group that have already set.

    Copy

    This button allows you to copy the existing Intermediate CA Group and open the object setting screen which contains the same values.
    It will be useful to define another Intermediate CA Group with similar values.
    Name must be changed.

    Delete

    This button allows you to delete a Intermediate CA Group .
    Certificates, which are being used under Server Policy, and their groups cannot be deleted.

    If you want to change members, select the target member(s) and click the change button.
    WAF device

    For deleting an item, a confirmation message will be shown. Click [ OK ] to delete.

    Confirm Delete Object


  1. Click [ Save Change ] to apply the settings to your device.

    Save Config