Step 1. Generate a CSR (Certificate Signing Request) on the Netscreen. Select Objects -> Certificates -> New. Enter the appropriate information for your firewall and hit Generate. The firewall will spin for a while and then spit out your CSR.
Generating Local certificate. Please wait ... ...
Note that: Due to the intensive computation involved when generating the PKCS files, this process can take up to several minutes.
Step 2. Copy the CSR output into a text file (csr.txt) on the box with openssl installed.
Step 3. We'll need to generate a CA key to sign the CSR so we'll use openssl for that. We'll create the private CA key first. Then we'll create the certificate (public key) for the CA. Finally we'll sign the CSR with our newly created CA.
- openssl genrsa -des3 -out CA.key 1024
- openssl req -new -key CA.key -x509 -days 1095 -out CA.crt
- openssl x509 -req -days 365 -in csr.txt -CA CA.crt -CAkey CA.key -CAcreateserial -out signed.crt
Step 4. Import the signed certificate (signed.crt) back into the firewall and start using HTTPS. On the Netscreen select Objects -> Certificates -> Browse. Select Cert and then load. The certificate should show up below under available certificates. That's all!
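
Before the import in Step 4 it is worth confirming that signed.crt carries the same public key as the firewall's CSR and that it chains to CA.crt. The script below is an added example, not part of the original steps. Assumptions: the function names are made up for this example, and make_demo builds constructed stand-ins for csr.txt, CA.crt and signed.crt with unencrypted 2048-bit keys so it runs without prompts (the steps above use -des3 and 1024).

```shell
#!/bin/sh
# Added example: checks to run on signed.crt before importing it.

# chain_ok CA_CERT CERT -> 0 if CERT verifies against CA_CERT
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CSR CERT -> 0 if CERT carries the same public key as the CSR,
# i.e. the certificate belongs to the key pair the firewall generated.
key_matches() {
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# check_signed CSR CA_CERT CERT -> 0 only if both checks pass
check_signed() {
    key_matches "$1" "$3" || { echo "FAIL: public key differs from CSR"; return 1; }
    chain_ok "$2" "$3"    || { echo "FAIL: not signed by this CA"; return 1; }
    echo "OK: $3 matches $1 and chains to $2"
}

# make_demo DIR -> constructed stand-ins for the files in Steps 1 to 3.
# fw.key exists only in the demo; on a real firewall the private key never
# leaves the device. Subjects and key sizes here are assumptions.
make_demo() {
    d=$1
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/fw.key" \
        -subj "/CN=fw.example.test" -out "$d/csr.txt" 2>/dev/null
    openssl genrsa -out "$d/CA.key" 2048 2>/dev/null
    openssl req -new -key "$d/CA.key" -x509 -days 1095 \
        -subj "/CN=Demo CA" -out "$d/CA.crt" 2>/dev/null
    openssl x509 -req -days 365 -in "$d/csr.txt" -CA "$d/CA.crt" \
        -CAkey "$d/CA.key" -CAcreateserial -out "$d/signed.crt" 2>/dev/null
}

# Real use, from the directory holding the three files:
#   check_signed csr.txt CA.crt signed.crt
```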