The default, self-signed certificate that ships on a SonicWALL causes alerts during a Nessus scan, because it isn’t signed by a valid CA. Chances are, there are limits around who can load the SonicWALL web interface in the first place. But if you don’t want Nessus to continue alerting, or if you just want to use a certificate signed by a valid CA because it’s a good security practice, you might want to add a new certificate.
The first step is to generate a new CSR. To do so, open the SonicWALL web interface and then click on System in the SonicWALL sidebar. Then click on Certificates and scroll to the bottom of the screen until you see the New Signing Request button.
At the resultant Certificate Signing Request screen, fill out the fields with your information.
Click on the Generate button to bring up the Export Certificate screen. Click Export and then choose where to save the CSR.
Once you receive the signed certificate back from your CA, you’ll want to install it. The easiest way to do so is to go back to the Certificates screen (under System in the SonicWALL sidebar), scroll down to the bottom and click on Import… Here, use Choose File to pick the cert, provide a name and the password for it, and click on Import.
Next, click on Administration (also under System in the SonicWALL sidebar). Scroll down to the Web Management Settings section of the screen and use the Certificate Selection field to select the newly installed certificate.
And that’s it. I’ve had to restart the device to get it to work properly, but overall, a pretty straightforward process.
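To confirm the management interface now presents the CA-signed certificate rather than the factory default, you can repeat the trust check a scanner performs. The script below is an added example, not part of the original post; the host name, port and file names in its comments are placeholders, and it assumes the `openssl` command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Host and file names are placeholders.

# Save the leaf certificate a TLS service presents to a PEM file.
# Usage: fetch_cert firewall.example.com 443 presented.pem
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# Classify a PEM certificate the way a scanner's trust check would:
#   self-signed  subject equals issuer (the factory-default case)
#   trusted      chains to a CA in the bundle passed as $2, or to the
#                system trust store when no bundle is given
#   untrusted    issued by some CA, but not one we trust
# Usage: cert_status presented.pem [ca-bundle.pem]
cert_status() {
    cs_cert="$1"
    cs_ca="${2:-}"
    cs_subject=$(openssl x509 -in "$cs_cert" -noout -subject -nameopt RFC2253) || return 2
    cs_issuer=$(openssl x509 -in "$cs_cert" -noout -issuer -nameopt RFC2253) || return 2
    # Strip the "subject=" / "issuer=" labels so only the names are compared.
    if [ "${cs_subject#subject=}" = "${cs_issuer#issuer=}" ]; then
        echo self-signed
    elif openssl verify ${cs_ca:+-CAfile "$cs_ca"} "$cs_cert" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Typical use after selecting the new certificate and restarting:
#   fetch_cert firewall.example.com 443 presented.pem
#   cert_status presented.pem            # expect "trusted", not "self-signed"
```

If the result is still `self-signed` after the change, the web management service is still serving the old certificate.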
krypted January 7th, 2012