User's Manual

Manage Users, Authentication, and VPN Certificates
307
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
The wireless VPN firewall uses digital certificates to authenticate connecting VPN gateways
or clients, and to be authenticated by remote entities. A digital certificate that authenticates a
server, for example, is a file that contains the following elements:
• A public key, which clients use to encrypt messages to the server or to verify signatures
  that the server makes with the matching private key. The private key never leaves the server.
• Information identifying the operator of the server (the subject name, such as the host name
  and organization).
• A digital signature confirming the identity of the operator of the server. Ideally, the
  signature is from a trusted third party (a certification authority) whose identity the client can
  verify, because only then does the certificate prove anything to a stranger.
You can obtain a digital certificate from a well-known commercial certification authority (CA)
such as Verisign or Thawte, or you can generate and sign your own digital certificate.
Because a commercial CA takes steps to verify the identity of an applicant, a digital certificate
from a commercial CA provides a strong assurance of the server’s identity. A self-signed
digital certificate triggers a warning from most browsers because no third party vouches for the
identity in it: the browser cannot tell the firewall’s own certificate from one that an attacker
generated with the same name, so a self-signed certificate by itself gives no protection against
impersonation of the server.
The wireless VPN firewall contains a self-signed digital certificate from NETGEAR. This
certificate can be downloaded from the wireless VPN firewall login screen for browser import.
Because that download travels over a connection the browser cannot yet verify, compare the
certificate’s fingerprint with one obtained from the firewall over a path you already trust before
importing it. NETGEAR recommends that you replace this digital certificate with a digital
certificate from a well-known commercial CA prior to deploying the wireless VPN firewall in
your network.
VPN Certificates Screen
To display the Certificates screen, select VPN > Certificates. Because of the large size of
this screen, and because of the way the information is presented, the Certificates screen is
divided and presented in this manual in three figures (Figure 187 on page 308, Figure 189 on
page 310, and Figure 191 on page 313).
The Certificates screen lets you view the currently loaded digital certificates, upload a new
digital certificate, and generate a certificate signing request (CSR). The wireless VPN firewall
typically holds two types of digital certificates:
• CA certificates. Each CA issues its own digital certificate, which the firewall uses to
  validate communication with the CA and to verify the validity of digital certificates that are
  signed by the CA.
• Self certificates. The digital certificates that identify your device. Although this manual also
  calls them self-signed certificates, a self certificate is normally issued by a CA in response to
  a CSR that you generated on the firewall; only the factory certificate is actually self-signed.
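The certificate elements, the difference between a self-signed and a CA-issued certificate, and the CA certificate / CSR / self certificate workflow described above can be modelled end to end with OpenSSL. The script below is an added example, not NETGEAR’s code or a procedure from this manual: it plays the CA role and the firewall role on one machine, using hypothetical file names (ca.pem, fw.csr, fw.pem, self.pem) and a constructed host name. It shows that a CA-issued device certificate verifies against the CA certificate while a self-signed one does not, that the issued certificate’s public key matches the private key that made the CSR, how to recognise a self-signed certificate (issuer equals subject), and the SHA-256 fingerprint you would compare out of band before importing a self-signed certificate into a browser.

```shell
#!/bin/sh
# Added example modelling the FVS318N certificate workflow with OpenSSL.
# Roles: the CA (ca.key/ca.pem) and the VPN firewall (fw.key/fw.csr/fw.pem).
# All file names, subjects and the host name are constructed for illustration.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# 1. A CA with its own self-signed certificate: this is what you would upload
#    to the Trusted Certificates (CA Certificate) table.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Lab CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# 2. The device key pair and CSR: the Self Certificate Requests step.
#    Only the CSR is sent to the CA; the private key stays on the device.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=fvs318n.example.com/O=Example Lab" \
        -keyout "$WORK/fw.key" -out "$WORK/fw.csr" 2>/dev/null
}

# 3. The CA signs the CSR and returns the device certificate: this is what
#    you would upload to the Active Self Certificates table.
issue_cert() {
    openssl x509 -req -in "$WORK/fw.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 365 -sha256 -out "$WORK/fw.pem" 2>/dev/null
}

# 4. A self-signed device certificate, the kind the firewall ships with.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=fvs318n.example.com" \
        -keyout "$WORK/self.key" -out "$WORK/self.pem" 2>/dev/null
}

# Does certificate $1 chain to CA certificate $2? Prints "ok" or "fail".
verify_against_ca() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# Does the issued certificate carry the public key of the device's private key?
key_matches_cert() {
    a=$(openssl x509 -in "$WORK/fw.pem" -pubkey -noout)
    b=$(openssl pkey -in "$WORK/fw.key" -pubout)
    [ "$a" = "$b" ] && echo match || echo mismatch
}

# SHA-256 fingerprint of certificate $1: the value to compare out of band
# before trusting a self-signed certificate in a browser.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# A self-signed certificate has issuer == subject.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject)
    i=$(openssl x509 -in "$1" -noout -issuer)
    [ "${s#subject=}" = "${i#issuer=}" ] && echo yes || echo no
}

run_demo() {
    make_ca; make_csr; issue_cert; make_selfsigned
    echo "CA-issued cert verifies against CA:   $(verify_against_ca "$WORK/fw.pem" "$WORK/ca.pem")"
    echo "Self-signed cert verifies against CA: $(verify_against_ca "$WORK/self.pem" "$WORK/ca.pem")"
    echo "Device key matches issued cert:       $(key_matches_cert)"
    echo "Issued cert self-signed?              $(is_self_signed "$WORK/fw.pem")"
    echo "Factory-style cert self-signed?       $(is_self_signed "$WORK/self.pem")"
    echo "Fingerprint to verify out of band:    $(fingerprint "$WORK/self.pem")"
}

run_demo
```

The `openssl verify` failure for self.pem is the same condition that makes a browser warn: nothing in the trust store signed it. On the real firewall, the CSR text shown in the Self Certificate Requests table is what you paste into the CA’s enrollment form, and the certificate the CA returns is what you upload as the self certificate; the fingerprint check is only needed for a certificate that you intend to trust directly rather than through a CA.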
The Certificates screen contains four tables that are explained in detail in the following
sections:
• Trusted Certificates (CA Certificate) table. Contains the trusted digital certificates that
  were issued by CAs and that you uploaded (see Manage VPN CA Certificates on this
  page).
• Active Self Certificates table. Contains the self certificates that identify this device, which
  CAs issued in response to your requests and which you uploaded (see Manage VPN
  Self-Signed Certificates on page 309).
• Self Certificate Requests table. Contains the certificate signing requests that you
  generated. These requests might or might not have been submitted to CAs, and CAs
  might or might not have issued digital certificates for these requests. Only the self-signed