Installing an IIS Certificate into a SonicWALL SSL-VPN device
In the small business world I work in, easy-to-use remote connectivity is a must. One common device we use is the SonicWALL SSL-VPN. It has a web interface that users log on to with their Active Directory authentication. From there, they can install the VPN client themselves. Since the webpage is SSL encrypted, users will get that ‘Certificate Error’ page first if you don’t have a proper certificate set up. This page tends to confuse and/or annoy most users I ask.
Many of these businesses already have UC Certificates or Wildcard Certificates for their Exchange setup. These certificates can be exported and used for the SSL-VPN as well. SonicWALL SSL-VPN devices are very picky about importing certificates, though. They must be 1024 bits or less. They must be supplied as 2 files, ‘server.key’ and ‘server.crt’, and these files must be zipped up into ‘server.zip’.
There is a somewhat tricky conversion process, which I will document below.
- Export the IIS certificate as a PFX file. Include the private key. For this example, place it in the folder: ‘C:\certs’
- Download and install OpenSSL.
- In a command window, browse to the folder containing ‘openssl.exe’.
- Run the following: openssl pkcs12 -in c:\certs\certificate.pfx -out c:\certs\certificate.cer -nodes
- Create 2 blank notepad files named ‘server.key’ and ‘server.crt’.
- Open the new ‘certificate.cer’ file you created in Wordpad.
- Copy the private key in this file to ‘server.key’.
- Copy the public key in this file to ‘server.crt’.
- Zip up the 2 newly saved files into ‘server.zip’.
- Import into the SSL-VPN and mark the certificate as Default.
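
The manual copy-and-zip steps above can also be scripted. The following Python is an added example, not part of the original post: it pulls the private key block and the certificate block (the ‘public key’ in the steps) out of the file the openssl command produced and packs them as ‘server.key’ and ‘server.crt’ in ‘server.zip’. The function names and the sample bundle are constructed for illustration, and it assumes the bundle holds exactly one key and one certificate.

```python
import io
import re
import zipfile

# One PEM block; group 1 is the label, e.g. "PRIVATE KEY" or "CERTIFICATE".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL
)

# Constructed sample of 'openssl pkcs12 -nodes' output (placeholder bodies, not real keys).
SAMPLE = (
    "Bag Attributes\n    localKeyID: 01 00 00 00\nKey Attributes: <No Attributes>\n"
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    "Bag Attributes\n    localKeyID: 01 00 00 00\nsubject=/CN=vpn.example.com\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)


def split_bundle(pem_text):
    """Return (key_pem, cert_pem), dropping the 'Bag Attributes' text around them."""
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(pem_text):
        label = match.group(1)
        block = match.group(0).replace("\r\n", "\n") + "\n"
        if label == "ENCRYPTED PRIVATE KEY":
            raise ValueError("key is still encrypted; re-run openssl with -nodes")
        if label.endswith("PRIVATE KEY"):
            keys.append(block)
        elif label == "CERTIFICATE":
            certs.append(block)
    # Fail closed rather than guess which block belongs in which file.
    if len(keys) != 1 or len(certs) != 1:
        raise ValueError(f"expected 1 key and 1 certificate, found {len(keys)} and {len(certs)}")
    return keys[0], certs[0]


def build_server_zip(pem_text):
    """Return the bytes of server.zip with server.key and server.crt at its root."""
    key_pem, cert_pem = split_bundle(pem_text)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("server.key", key_pem)
        archive.writestr("server.crt", cert_pem)
    return buf.getvalue()


if __name__ == "__main__":
    # Paths follow the example folder used in the steps above.
    with open(r"c:\certs\certificate.cer", encoding="utf-8", errors="replace") as bundle:
        data = build_server_zip(bundle.read())
    with open(r"c:\certs\server.zip", "wb") as out:
        out.write(data)
```

Because of the -nodes option, ‘certificate.cer’ and ‘server.key’ hold the private key unencrypted, so delete them and ‘server.zip’ from ‘C:\certs’ once the import has succeeded.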