Managing Digital Certificates. Netgear STM600 - ProSecure Web And Email Threat Management Appliance, STM300 - ProSecure Web And Email Threat Management Appliance, STM150 - ProSecure Web And Email Threat Management Appliance


ProSecure Web/Email Security Threat Management (STM) Appliance

Table 22. System Date and Time Settings (Continued)

Setting: Description (or Subfield and Description)

Use Custom NTP Servers: The STM regularly updates its RTC by contacting one of the two NTP servers (primary and backup), both of which you need to specify in the fields that become available when you select this option.

  Note: If you select this option but leave either the Server 1 or Server 2 field blank, both fields are automatically set to the default NETGEAR NTP servers.

  Note: A list of public NTP servers is available at http://support.ntp.org/bin/view/Servers/WebHome.

  Server 1 Name / IP Address: Enter the IP address or host name of the primary NTP server.

  Server 2 Name / IP Address: Enter the IP address or host name of the secondary NTP server.

Manually Enter the Date and Time:

  Date: Enter the date in the yyyy-mm-dd (year-month-date) format.

  Time: Enter the time in the hh-mm-ss (hour-minutes-seconds) format.

Time Zone: From the drop-down list, select the local time zone in which the STM operates. The correct time zone is required in order for scheduling to work correctly. You do not need to configure daylight savings time, which is applied automatically when applicable. GMT (Greenwich Mean Time) is the default setting.

  Note: When you select a time zone that is not associated with a location such as (GMT -08:00) GMT-8, daylight savings time is automatically disabled. When you select a time zone that is associated with a location such as (GMT -08:00) Pacific Time (US & Canada), daylight savings time is automatically enabled.

3. Click Apply to save your settings. Changing the time zone requires the STM to restart.

Note: If you select the default NTP servers or if you enter a custom server FQDN, the STM determines the IP address of the NTP server by performing a DNS lookup. You need to configure a DNS server address on the Network Settings screen (see Configuring Network Settings on page 52) before the STM can perform this lookup.

Managing Digital Certificates

The STM uses digital certificates (also known as X.509 certificates) for secure Web access connections over HTTPS (that is, SSL VPN connections).

Digital certificates can be either self-signed or issued by Certification Authorities (CAs) such as an internal Windows server or an external organization such as Verisign or Thawte. On the STM, the uploaded digital certificate is checked for validity and purpose. The digital certificate is accepted when it passes the validity test and the purpose matches its use.

76 | Chapter 3. Performing Network and System Management


The STM uses digital certificates to authenticate connecting HTTPS servers, and to allow HTTPS clients to be authenticated by remote entities. A digital certificate that authenticates a server, for example, is a file that contains the following elements:

A public encryption key to be used by clients for encrypting messages to the server.

Information identifying the operator of the server.

A digital signature confirming the identity of the operator of the server. Ideally, the signature is from a trusted third party whose identity can be verified.

When a security alert is generated, the user can decide whether or not to trust the host.

Figure 46.

You can obtain a digital certificate from a well-known commercial Certificate Authority (CA) such as Verisign or Thawte. Because a commercial CA takes steps to verify the identity of an applicant, a digital certificate from a commercial CA provides a strong assurance of the server’s identity.

The STM contains a self-signed digital certificate from NETGEAR. This certificate can be downloaded from the STM login screen or from the Certificate Management screen for browser import. However, NETGEAR recommends that you replace this digital certificate with a digital certificate from a well-known commercial CA prior to deploying the STM in your network.

The STM’s Certificate Management screen lets you view the currently loaded digital certificate for HTTPS scans, upload a new digital certificate, manage the trusted CA authorities list, and manage the untrusted certificates list.

To display the Certificate Management screen, select Web Security > Certificate Management from the menu. Because of the size of this screen, and because of the way the information is presented, the Certificate Management screen is divided and presented in this manual in three figures (the following figure, Figure 48 on page 79, and Figure 49 on page 80).


Managing the Certificate for HTTPS Scans

To manage the STM’s active certificate that is used for HTTPS scans, select Web Security > Certificate Management from the menu. The Certificate Management screen displays. The following figure shows only the Certificate Used for HTTPS Scans section of the screen:

Figure 47. Certificate Management, screen 1 of 3

The top part of the Certificate Used for HTTPS Scans section displays information about the current certificate that is used for HTTPS scans.

Note: For information about the HTTPS scanning process, see HTTPS Scan Settings on page 119.

To download the current certificate into your browser:

1. Click Download for browser import.

2. Follow the instructions of your browser to save the RootCA.crt file on your computer.

To reload the default NETGEAR certificate:

1. Select the Use NETGEAR default certificate radio button.

2. Click Apply to save your settings.


To import a new certificate:

1. Select the Use imported certificate (PKCS12 format) radio button.

2. Click Browse next to the Import from File field.

3. Navigate to a trusted certificate file on your computer. Follow the instructions of your browser to place the certificate file in the Import from File field.

4. If required, enter the appropriate password in the Certificate password field.

5. Click the Upload button.

Note: If the certificate file is not in the pkcs12 format, the upload fails. Importing a new certificate overwrites any previously imported certificates.

6. Click Apply to save your settings.
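A pre-upload check for the PKCS12 requirement in the note above and for the validity and purpose check described at the start of this section, run on the administrator's workstation with the OpenSSL command-line tool. This is an added example, not part of the NETGEAR manual; the function name precheck_p12, the P12_PASS environment variable, the return codes, and the file name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload check of a PKCS#12 bundle with the OpenSSL CLI.
# The password is read from the exported environment variable P12_PASS
# (our choice) so that it never appears in the process list.
# Return codes (our convention): 0 ok, 1 not PKCS#12 or wrong password,
# 2 no private key, 3 certificate missing or expiring within min_left seconds.
precheck_p12() {
    p12_file=$1
    min_left=${2:-0}

    [ -n "${P12_PASS+set}" ] || { echo "P12_PASS is not set" >&2; return 1; }

    # 1. The file must parse as PKCS#12 and its MAC must verify with the password.
    if ! openssl pkcs12 -in "$p12_file" -passin env:P12_PASS -noout >/dev/null 2>&1; then
        echo "not a PKCS#12 file, or wrong password: $p12_file" >&2
        return 1
    fi

    # 2. The bundle must carry a private key (piped to grep, never written to disk).
    if ! openssl pkcs12 -in "$p12_file" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
            grep -q 'PRIVATE KEY'; then
        echo "no private key in bundle" >&2
        return 2
    fi

    # 3. Extract the certificate that belongs to that key.
    cert=$(openssl pkcs12 -in "$p12_file" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null) || return 3
    case $cert in
        *'BEGIN CERTIFICATE'*) ;;
        *) echo "no certificate in bundle" >&2; return 3 ;;
    esac

    # 4. Print what a reviewer needs: identity, validity window, allowed purposes.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -issuer -dates -purpose

    # 5. Fail if the certificate is expired or expires within min_left seconds.
    if ! printf '%s\n' "$cert" | openssl x509 -noout -checkend "$min_left" >/dev/null; then
        echo "certificate expires within $min_left seconds" >&2
        return 3
    fi
    return 0
}

# Usage (file name is a placeholder; export P12_PASS first):
#   precheck_p12 stm-https-scan.p12 2592000   # require 30 days of validity left
```
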

Managing Trusted Certificates

To manage trusted certificates:

Select Web Security > Certificate Management from the menu. The Certificate Management screen displays. The following figure shows only the Trusted Certificate Authorities section of the screen:

Figure 48. Certificate Management, screen 2 of 3

The Trusted Certificate Authorities table contains the trusted certificates from third-party websites that are signed by the Certificate Authorities.


To view details of a trusted certificate:

1. From the Trusted Certificate Authorities table, select the certificate.

2. Click View Details. A new screen opens that displays the details of the certificate.

To delete a trusted certificate:

1. From the Trusted Certificate Authorities table, select the certificate.

2. Click Delete Selected.

To import a trusted certificate:

1. Click Browse next to the Import from File field.

2. Navigate to a trusted certificate file on your computer. Follow the instructions of your browser to place the certificate file in the Import from File field.

3. Click the Upload button. The newly imported trusted certificate is added to the Trusted Certificate Authorities table.

Managing Untrusted Certificates

To manage untrusted certificates:

Select Web Security > Certificate Management from the menu. The Certificate Management screen displays. The following figure shows only the Untrusted Certificates section of the screen:

Figure 49. Certificate Management, screen 3 of 3

When the STM detects an untrusted or invalid certificate, it automatically places the certificate in the Untrusted Certificates table.

To view details of an untrusted certificate:

1. From the Untrusted Certificates table, select the certificate.

2. Click View Details. A new screen opens that displays the details of the certificate.
