2.4.4. Server Certificate and Intermediate CA Certificate settings

To configure a server certificate, follow the procedures below.
When naming objects, refer to Suggestions for object name creation.

2.4.4.1. Initial values of server certificate and intermediate CA certificate


By default, no server certificate is installed and no related settings are configured. Install and configure a certificate suitable for your environment.

2.4.4.2. Server certificate, intermediate CA certificate setting items

The setting items for the server certificate and intermediate CA certificate are as follows.
** Server certificate **

| Item | Value | Description |
|------|-------|-------------|
| Description / comment | (half-width alphanumeric) | Enter comments if necessary. [A-Z], [a-z], [0-9], [_], [-], [[], []], [.], [], [(], [)] can be used. |
| Select Certificate Filetype [X.509 (PEM)] or [PKCS12] | (select from the list) | Select the certificate format as PEM/DER format or PKCS12 format. |
| Certificate File: Input local certificate file path | (select from the list) | Select the server certificate you uploaded to the repository. |
| Key File: Input key file path | (select from the list) | Select the key file you uploaded to the repository. |



** Intermediate CA certificate **

| Item | Value | Description |
|------|-------|-------------|
| Description / comment | (half-width alphanumeric) | Enter comments if necessary. [A-Z], [a-z], [0-9], [_], [-], [[], []], [.], [], [(], [)] can be used. |
| Certificate File: Input local certificate file path | (select from the list) | Select the intermediate CA certificate you uploaded to the repository. |



2.4.4.3. Upload certificate to repository

Upload the certificate to the repository in preparation for uploading it to your device.
  1. Click [Manage Repository] at the top right of the screen.
  2. Expand the [ECL-econxxxxxx] of [PKI] folder and select [Upload PKI] from the action.
  3. Select [Import from Disk], select the file from the [Browse] button, and click [Upload].
  4. If the file has a password, enter it in [Password] and click [Save].

Note

Server Certificate
The certificate file must have the extension **.cer**, **.crt**, **.pem**, or **no extension**. The identification name of the certificate in device management is automatically taken from the part of the certificate file name before the first dot (.). Take care to use a file name that is easy to distinguish.
A file with the same identifier as an already uploaded certificate cannot be imported. To replace it, delete the existing one first and then import the new one.
Use either .key or .pem as the extension of the key file.
The file names of the certificate file and key file to be uploaded are limited to 19 characters, excluding the extension.

PKCS12 Certificate
The file extension must be .pfx, .p12 or (none). The certificate identifier used for device control is generated automatically from the certificate file name, excluding the dot (.). Make sure to use a file name that can be properly identified.
A file with the same identifier as an already uploaded certificate cannot be imported. To replace it, delete the existing one first and then import the new one. A password must be entered.
The file name of the certificate-with-key file to be uploaded is limited to 63 characters, excluding the extension.

Intermediate CA Certificate
Use either .cer, .crt or (none) as the extension of the intermediate CA certificate file.
The identification name of the certificate in device management is automatically taken from the part of the certificate file name before the first dot (.). Take care to use a file name that is easy to identify.
The file name of the intermediate CA file to be uploaded is limited to 63 characters, excluding the extension.
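
A pre-upload check for the naming rules in the Note above, as an added example that is not part of the original manual or the product. It assumes the extension is the text after the last dot, that extensions are matched case-insensitively, and that the first-dot identifier rule and the duplicate check apply to every certificate type; the function names and sample file names are hypothetical.

```python
import os

# Rules transcribed from the Note above: allowed extensions ("" means no
# extension) and the maximum file-name length excluding the extension.
RULES = {
    "server_cert":  ({".cer", ".crt", ".pem", ""}, 19),
    "server_key":   ({".key", ".pem"}, 19),
    "pkcs12":       ({".pfx", ".p12", ""}, 63),
    "intermediate": ({".cer", ".crt", ""}, 63),
}


def identifier(filename):
    """Name shown in device management: the text before the first dot."""
    return os.path.basename(filename).split(".", 1)[0]


def check_upload(kind, filename, existing_ids=()):
    """Return a list of problems; an empty list means the name passes."""
    allowed, max_len = RULES[kind]
    stem, ext = os.path.splitext(os.path.basename(filename))
    ident = identifier(filename)
    problems = []
    # Assumption: extensions are compared case-insensitively.
    if ext.lower() not in allowed:
        problems.append(f"extension {ext!r} not allowed for {kind}")
    if len(stem) > max_len:
        problems.append(f"name is {len(stem)} chars, limit is {max_len}")
    # A host-style name such as www.example.com.crt is cut at the first dot,
    # so several certificates can collapse onto the same identifier.
    if ident != stem:
        problems.append(f"identifier is cut at the first dot: {ident!r}")
    # Assumption: the duplicate rule is applied to certificates, not key files.
    if kind != "server_key" and ident in existing_ids:
        problems.append(f"identifier {ident!r} already uploaded; delete it first")
    return problems


if __name__ == "__main__":
    # Constructed sample names, not taken from the page.
    uploaded = {"shop"}
    for kind, name in [
        ("server_cert", "www.example.com.crt"),
        ("server_cert", "shop-2024.pem"),
        ("intermediate", "ca-chain.pem"),
        ("pkcs12", "shop.p12"),
    ]:
        print(kind, name, check_upload(kind, name, uploaded) or "OK")
```

Naming certificate files after the host name is the common way to trip the first-dot rule: every file for `www.*` ends up with the identifier `www`.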


2.4.4.4. Uploading the certificate to the device

Upload the certificate that you placed in the repository to your device.
** Server certificate **
  1. Click [ECL_WAF_Local_Certificate] displayed in [Workflows] on the [WORKFLOWS] tab.
  2. Click [Add Local Certificate] for the device you want to upload to.
  3. Enter the settings and click [Run Now]. Execution takes some time to complete.
  4. You can check the progress from [Status]. When all tasks turn green, the run has completed normally. Click [Close] to close.

** Intermediate CA certificate **
  1. Click [ECL_WAF_Intermediate_Certificate] displayed in [Workflows] on the [WORKFLOWS] tab.
  2. Click [Add Intermediate Certificate] for the device you want to upload to.
  3. Enter the settings and click [Run Now]. Execution takes some time to complete.
  4. You can check the progress from [Status]. When all tasks turn green, the run has completed normally. Click [Close] to close.


2.4.4.5. Confirming uploaded certificates

You can check the uploaded certificates from [Config] on the [Device] tab of the WAF or from [Workflows] on the [WORKFLOWS] tab.
** Server certificate **
Click [Local Certificate] from [Config] on the [Device] tab.
Certificate ‣ Local Certificate
Click [ECL_WAF_Local_Certificate] displayed in [Workflows] on the [WORKFLOWS] tab.
Click [View] for the certificate you want to check.

** Intermediate CA certificate **
Click [Intermediate Certificate] from [Config] on the [Device] tab.
Certificate ‣ Intermediate Certificate
Click [ECL_WAF_Intermediate_Certificate] displayed in [Workflows] on the [WORKFLOWS] tab.
Click [View] for the certificate you want to check.


2.4.4.6. Changing certificate

** Server certificate **
  1. Click [ECL_WAF_Local_Certificate] displayed in [Workflows] on the [WORKFLOWS] tab.
  2. Click [Delete Local Certificate] for the target device.
  3. Select the certificate you want to delete, click [Delete], and then click [Run Now]. Execution takes some time to complete.
  4. You can check the progress from [Status]. When all tasks turn green, the run has completed normally. Click [Close] to close.

** Intermediate CA certificate **
  1. Click [ECL_WAF_Intermediate_Certificate] displayed in [Workflows] on the [WORKFLOWS] tab.
  2. Click [Delete Intermediate Certificate] for the target device.
  3. Select the certificate you want to delete, click [Delete], and then click [Run Now]. Execution takes some time to complete.
  4. You can check the progress from [Status]. When all tasks turn green, the run has completed normally. Click [Close] to close.

If the selected file is an intermediate CA certificate, delete the relevant group first before deleting the certificate.

Note

Certificates in use by a Server Policy cannot be deleted.
If you try to delete one while it is in use, an error will occur.
Remove the relevant certificate from the Server Policy and then delete it again.


2.4.4.7. Sync from device

Read the previously uploaded certificate information from the managed device.
** Server certificate **
  1. Click [ECL_WAF_Local_Certificate] displayed in [Workflows] on the [WORKFLOWS] tab.
  2. Click [Refresh Certif List from Device] for the target device.
  3. Click [Run Now]. Execution takes some time to complete.
  4. You can check the progress from [Status]. When all tasks turn green, the run has completed normally. Click [Close] to close.

** Intermediate CA certificate **
  1. Click [ECL_WAF_Intermediate_Certificate] displayed in [Workflows] on the [WORKFLOWS] tab.
  2. Click [Refresh Certif List from Device] for the target device.
  3. Click [Run Now]. Execution takes some time to complete.
  4. You can check the progress from [Status]. When all tasks turn green, the run has completed normally. Click [Close] to close.


2.4.4.8. Setting up Intermediate CA Group

Set up an Intermediate CA Group with the following steps.

2.4.4.8.1. Default value

By default, no server certificate is installed and no related settings are configured.
Install and configure a certificate suitable for your environment.

2.4.4.8.2. Intermediate CA Group setting items

The following items are required for Intermediate CA Group settings.

| Item | Value | Description |
|------|-------|-------------|
| Name | (half-width alphanumeric) | Enter a group name. Two-byte characters such as Japanese, and the symbols shown below, are not accepted: < > ( ) # ' " or space/blank |
| Members | (the uploaded intermediate CA certificate) | Add the intermediate CA certificate uploaded in advance. Even when you intend to use only one intermediate CA certificate, you must create a group so that it can be used from server policies. |

2.4.4.8.3. Adding Intermediate CA Group

  1. Click Intermediate CA Group from the left side of the screen.
    Certificates ‣ Intermediate CA Group

    Click [ Add ] in the Intermediate CA Group section shown on the right side of the screen.

  2. Enter the setting values and click [ Save ].
    For details of the setting items, refer to Intermediate CA Group setting items.

  3. Click [ Apply configuration ] to apply the settings to your device.

2.4.4.8.3.1. Intermediate CA Group Change (Edit / Duplicate / Remove)

  1. Click Intermediate CA Group from the left side of the screen.
    Certificates ‣ Intermediate CA Group

    Select the line you want to edit in the Intermediate CA Group section shown on the right side of the screen, and click the relevant action button.

    The table below describes each button used for Intermediate CA Group.

    | Button | Description |
    |--------|-------------|
    | Edit | Edits the members of an Intermediate CA Group that has already been set. |
    | Duplicate | Copies the existing Intermediate CA Group and opens the object setting screen containing the same values. This is useful for defining another Intermediate CA Group with similar values. The name must be changed. |
    | Delete | Deletes an Intermediate CA Group. Certificates that are in use under a Server Policy, and their groups, cannot be deleted. |

    If you want to change members, select the target member(s) and click the change button.

    When you delete an item, a confirmation message is shown. Click [ OK ] to delete.

  2. Click [ Apply configuration ] to apply the settings to your device.