- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-11-2019 09:40 AM - edited 01-11-2019 01:31 PM
I'm running a VM-100 with several zones where I have MS AD / WSUS in one, two zones with lots of wireless device management, another zone for vmware management etc.
Every day I run into web browsers yelling about unsecure acces to local device management due to lack of trusted certificates. I know I can just continue to create and import local certs to keep the noise low, but I wanted to ask here if there is a possibility to purchase a cert from a trusted provider and that this cert can be used to 'certify' all of my local zones / subnets including local MS WSUS servers, Work Folders etc...
I've been told that this must be a wildcard cert, but I'd be grateful if you can enlighten me of my options and point me in the right direction(s).
01-12-2019 06:58 AM
bump
Not possible or silly question...?
01-12-2019 12:18 PM
If you only need the certs for internal purposes you don't have to buy a public wildcard cert. This can be done with an internal PKI (Public Key Infrastructure). And if you have / want an internal PKI you could also create the certs on your PaloAlto firewall. Fist you need to generate a Root CA Cert where you enable the CA checkbox, after that I would recomment to generate an intermediate CA cert where you also enable the CA checkbox and choose the option that this intermediate CA cert will be signed by the previously generated root CA cert. After that you are ready to generate your wildcard cert which should be signed by your intermediate CA cert.
Your generated root cert you have to export (only the public key) and import this one to your client(s) to avoid cert warnings in the browser (and to make it even more secure, export the root CA cert (this time with the private key) and store it on an usb flash drive or another computer which is offline (not attackable over the network). Be careful that you do not loose this root CA key).
Hope this helps.
Regards,
Remo
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!