1. Download the Watchgaurd selfsigned https proxy certificate from http://firebox:4126

2. Rename the certificate to a recognizable name and change the extension from .CER to .CRT

3. Create directory <watchguard> in /usr/share/ca-certificates/

4. Copy the selfsigned certificate to the <watchguard> directory and change security to 744.
sudo chmod 744 selfsignedcert.crt

5. Change owner to root. chown root:root selfsignedcert.crt

6. Edit /etc/ca-certificates.conf to include the selfsigned certificate.
sudo vim /etc/ca-certificates.conf and add the following to the end of the file watchguard/selfsignedcert.crt

7. Create symbolic link to system folder.
ln -s /usr/share/ca-certificates/watchguard/selfsignedcert.crt /etc/ssl/certs/selfsignedcert.pem

8. Create hashed link.
/etc/ssl/certs – ln -s selfsignedcert.pem `openssl x509 -hash -noout -in selfsignedcert.pem`.0

9. Test the certificate with openssl verify -CApath /etc/ssl/certs selfsignedcert.pem

10. Use wget to test secure web access, wget www.google.com

Categories:

Tags:

No responses yet

Skriv et svar

Din e-mailadresse vil ikke blive publiceret.

This site uses Akismet to reduce spam. Learn how your comment data is processed.