Filter
Top Products
DPI-SSL > Client SSL
797
SonicOS 5.8.1 Administrator Guide
Creating PKCS-12 Formatted Certificate File
PKCS12 formatted certificate file can be created using Linux system with OpenSSL. In order to
create a PKCS-12 formatted certificate file, one needs to have two main components of the
certificate:
• Private key (typically a file with .key extension or the word key in the filename)
• Certificate with a public key (typically a file with .crt extension or the word cert as part of
filename).
For example, Apache HTTP server on Linux has its pr
ivate key and certificate in the following
locations:
• /etc/httpd/conf/ssl.key/server.key
• /etc/httpd/conf/ssl.crt/server.crt
With these two files available, r
un the following command:
openssl pkcs12 -export -out out.p12 -inkey server.key -in server.crt
In this example out.p12 will become the PKCS-12 formatted certificate file and server.key and
server.crt are the PEM formatted private key and the certificate file respectively.
After the above command, one would be prompted for the password to protect/encrypted the
file. After the password is chosen, the creation of PKCS-12 formatted certificate file is complete
and it can be imported into the UTM appliance.
Client DPI-SSL Examples
The following sections
• “Content Filtering” on page 797
• “Application Firewall” on page 798
Content Filtering
To perform SonicWALL Content Filtering on HTTPS and SSL-based traffic using DPI-SSL,
perform the following steps:
1. Navigate to the DPI-SSL > Client SSL page
2. Select the Enable SSL Inspection checkbox and the Content Filter checkbox.
3. Click Apply.
4. Navigate to the Security Services > Content Filter page and click the Configure button.
5. Uncheck the Enable IP based HTTPS Content Filtering checkbox.
6. Select the appropriate categories to be blocked.
7. Click Apply.
8. Navigate to a blocked site using the HTTPS protocol to verify that it is properly blocked.
Note For content filtering over DPI-SSL, the first time HTTPS access is blocked result in a blank
page being displayed. If the page is refreshed, the user will see the SonicWALL block page.