Certificate Management
Set Up Verification for Certificate Revocation Status -344
Configure an OCSP Responder
Configure Revocation Status Verification of Certificates
Configure Revocation Status Verification of Certificates Used for SSL/TLS Decryption
Export a Certificate and Private Key - 370
Master Key Encryption (353-357)
Master Key Encryption Logs
Master Key Encryption on a Firewall HA Pair
Configure Master Key Encryption Level
Unique Master Key Encryptions for AES-256-GCM
Keys and Certificates (336-339)
Used for the following applications
Decrypting inbound and outbound SSL traffic
External dynamic list (EDL) validation
IPsec site-to-site VPN
GlobalProtect VPN
Authentication Portal, MFA
User-ID agent and TS agent access.
Certificate Revocation (340-343)
Online Certificate Status Protocol (OCSP)
Enable an HTTP Proxy for OCSP Status Checks
STEP 1 | Configure a proxy server.
STEP 2 | Configure an OCSP responder.
STEP 3 | Configure revocation status verification of certificates.
Certificate Revocation List (CRL)
Certificate Deployment
Configure the Master Key -350
You cannot recover the master key, and the only way to restore the default master key is to Reset the Firewall to Factory Default Settings.
STEP 1 | Back up the configuration.
STEP 2 | (HA only) Disable Config Sync.
STEP 3 | Select Device > Master Key and Diagnostics and edit the Master Key section
STEP 4 | Enter the Current Master Key if one exists.
STEP 5 | Define a new New Master Key and then Confirm New Master Key. The key must contain exactly 16 characters.
STEP 6 | To specify the master key Lifetime, enter the number of Days and/or Hours after which the key will expire.
STEP 7-11 (351-352)
Obtain Certificates (357-370)
Obtain a Certificate from an External CA
Install a Device Certificate
Import a Certificate and Private Key
Restore an Expired Device Certificate
Generate a Certificate
Deploy Certificates Using SCEP
Create a Self-Signed Root CA Certificate
Default Trusted Certificate Authorities (CAs) 339
This is the default root CA certificate store preinstalled on the device, including common CAs such as DigiCert, GlobalSign, Let’s Encrypt, and others, which the firewall trusts when validating server certificates while establishing outbound SSL/TLS connections to the Internet.
Replace the Certificate for Inbound Management Traffic
Secure Keys with a Hardware Security Module
Revoke and Renew Certificates
Block Private Key Export 371
Configure an SSL/TLS Service Profile
Configure the Key Size for SSL Forward Proxy Server Certificates
Configure an SSH Service Profile
Configure a Certificate Profile