Managing the Certificate Authority
60 WatchGuard System Manager
authenticates to the Management Server. The CA makes sure that the managed Firebox clients are
authenticated and then gives a certificate to each client. The two managed Firebox clients use the
certificates to authenticate the VPN tunnel being created between them.
MUVPN and certificates
Because MUVPN clients are not clients of the Management Server, they authenticate to the Firebox. Use
the MUVPN Wizard from Policy Manager to contact the CA and create a certificate for the MUVPN client.
Policy Manager creates a package that includes this certificate and two other files.
The Firebox administrator gives each MUVPN user a package of files. Together, these files are the MUVPN
end-user profile. Users who authenticate with shared keys receive one .wgx file. Users who authenticate
with certificates receive a .wgx file, a .p12 file (which is the client certificate), and a cacert.pem file (which
contains the root certificate).
The MUVPN user who authenticates with certificates then opens the .wgx file. The root and client
certificates contained in the cacert.pem and the .p12 files are automatically loaded.
For more information on MUVPN, see the MUVPN Administrator Guide.
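A check an administrator can run before handing out a certificate-based profile, as an added example that is not part of the WatchGuard documentation: it uses the OpenSSL command line to confirm that the client certificate in the .p12 file was issued by the root certificate in cacert.pem. The .p12 passphrase, the function names and the throwaway CA generated for the demo are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: confirm that the client certificate in a MUVPN .p12 file
# chains to the root certificate in cacert.pem before distributing the profile.

# check_profile P12 CACERT PASSPHRASE
# returns 0 if the chain verifies, 1 if it does not, 2 if the .p12 cannot be read
check_profile() {
    p12=$1; ca=$2
    tmp=$(mktemp) || return 2
    # Export only the client certificate; the private key stays inside the .p12.
    # The passphrase is passed through the environment, not the command line.
    if ! P12_PASS=$3 openssl pkcs12 -in "$p12" -clcerts -nokeys \
            -passin env:P12_PASS 2>/dev/null | openssl x509 -out "$tmp" 2>/dev/null
    then
        rm -f "$tmp"; return 2
    fi
    # Show who the certificate is for, who issued it, and when it expires.
    openssl x509 -in "$tmp" -noout -subject -issuer -enddate
    rc=0
    openssl verify -CAfile "$ca" "$tmp" >/dev/null 2>&1 || rc=1
    rm -f "$tmp"
    return "$rc"
}

# make_sample DIR: constructed throwaway CA and client certificate (demo input only)
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
        -keyout "$d/ca.key" -out "$d/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-muvpn-user" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/cacert.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.crt" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.crt" \
        -out "$d/client.p12" -passout pass:constructed
}

# Demo run on the constructed files.
DEMO=$(mktemp -d)
make_sample "$DEMO"
check_profile "$DEMO/client.p12" "$DEMO/cacert.pem" constructed && echo "profile OK"
```

A return value of 1 means the .p12 and cacert.pem in the package do not belong together, for example because the root certificate was taken from a different Management Server.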
Managing the Certificate Authority
You can control different parameters of the Certificate Authority with the Web-based CA Manager.
1 From WatchGuard System Manager, connect to the Management Server.
You must type the configuration passphrase to connect.
1 Select Resources > CA Manager.
Click the CA Manager icon on the WatchGuard System Manager toolbar. The icon is shown
at left.
The menu of the Certificate Authority Settings pages appears.
2 From the menu, select the correct page:
Certificate Authority CA Certificate
Print a copy of the CA (root) certificate to the screen. You can then manually save it to the client.