Step 1. Generate a CSR (Certificate Signing Request) on the Netscreen. Select Objects
. Enter in the appropriate information for your firewall and hit Generate
. The firewall will spin for a while and then spit out your CSR.
Generating Local certificate. Please wait ... ...
Note that: Due to the intensive computation involved when generating the PKCS files, this process can take up to several minutes.
Step 2. Copy the output key into a text file (csr.txt) on the box with openssl installed.
Step 3. We'll need to generate a CA key to sign the CSR so we'll use openssl for that. We'll create the private CA key first. Then we'll create the certificate (public key) for the CA. Finally we'll sign the CSR with our newly created CA.
openssl genrsa -des3 -out CA.key 1024
openssl req -new -key CA.key -x509 -days 1095 -out CA.crt
openssl x509 -req -days 365 -in csr.txt -CA CA.crt -CAkey CA.key -CAcreateserial -out signed.crt
Step 4. Import the signed certificate (signed.crt) back into the firewall and start using HTTPS. On the Netscreen select Objects
. Select Cert
and then load
. The certificate should show up below under available certificates. That's all!