Certificates

1. Why doesn't my TLS connection work?
2. Why can't I sign my certificate with the OpenSSL CA downloaded from your site?

Why doesn't my TLS connection work?

Problem description

TLS doesn't work with my firewall/SIParator™ even though I made all the settings right.

What to do

Following is a simple check list to ensure that all necessary steps were performed:

• Create a self signed certificate on the Certificates page.
• Select this certificate on the SIP Encryption page.
• Restart the firewall/SIParator™.
• Download the self signed certificate and import it on the client machine. On a Windows computer, this is done using Internet Explorer. Select Tools->Internet Options->Content->Certificate and import it as a Trusted Root Certificate.

If it still doesn't work, check these things:

• Check the time on the firewall/SIParator™ and the client machine. The certificate is only valid in a certain time frame.
• Checking the event log of the Windows computer can be helpful. Often the reason for the failure is stated there.
• The Common Name of the firewall/SIParator™ certificate should point to one of its interfaces, preferably the outside. It is important that the same address (ip or hostname) is used as the outbound proxy setting in Messenger or it won't work.

Why can't I sign my certificate with the OpenSSL CA downloaded from your site?

Problem description

I downloaded the OpenSSL CA to sign certificates from the firewall, but suddenly it doesn't accept the certificate requests though I made everything just as I did before.

What to do

In the Ingate Firewall 3.2.0, the format of the certificate request was changed. There is an additional script to change the format of the request into something the CA will handle.