Description:
Accessing the web configuration interface of a LANCOM R&S®Unified Firewall usually prompts a warning about an insecure certificate, because the certificate is self-signed by the firewall and therefore not issued by a trusted certificate authority (CA) known to the browser. This document describes how this warning can be removed.


Requirements:


Procedure:
1) Log in to the firewall’s web interface with administrator rights.
2) Open the menu item Certificate management → Certificates and click the “+” button.
3) Modify the following parameters and click Create:
  • Certificate Type: Select the option Certificate.
  • Template: In the dropdown menu select the option Certificate Authority.
  • Common Name (CN): Enter a common name of your choice for the CA (e.g. LANCOM CA).
  • Private Key Password: Set any private key password.
4) Now click the “+” button again to create an additional certificate, modify the following parameters and click Create:
  • Certificate Type: Select the option Certificate.
  • Template: In the dropdown menu select the option Certificate.
  • Common Name (CN): Enter a common name of your choice for the webclient certificate (e.g. WebGUI-Certificate).
  • Private Key Password: Set any private key password.
  • Signing CA: In the dropdown menu select the CA created in step 3.
  • CA Password: Enter the Private Key Password of the CA entered in step 3.
  • Subject Alternative Name (SAN): Enter at least the IP address of one management interface of the Unified Firewall (in this example 192.168.1.254). If you access the firewall via other interfaces, you can also specify these here.
5) For the CA created in step 3 (in this example LANCOM CA) click on the button for the certificate export.
6) Select the format PEM / CRT and click Export. The certificate is saved in *.crt format.

No additional settings need to be made in this menu.

In LCOS FX up to and including version 10.6 the certificate is saved in *.pem format. In this case the file extension of the certificate has to be changed manually to *.crt.

7) Double-click to install the certificate in your Windows operating system.
It is important that you install the certificate in the “Trusted Root CAs” store.
8) In the configuration interface of the Firewall, switch to the menu Firewall → Firewall Access → Webclient Settings.
9) Select the webclient certificate created in step 4 (in this example WebGUI-Certificate), enter its Private Key Password and click Save.
10) Restart your Windows operating system afterwards.
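
To confirm the result of steps 3 to 9 from the Windows client, the following PowerShell check can be run after the restart. It is an added example, not part of the original LANCOM procedure. It assumes the exported CA file is saved as LANCOM_CA.crt in the Downloads folder and that the webclient listens on TCP port 443; adjust both values to your setup. The IP address is the one used in this example.

```powershell
# Assumed values (not from the article): file path and port.
$CaFile   = "$env:USERPROFILE\Downloads\LANCOM_CA.crt"
$Firewall = '192.168.1.254'   # management IP entered as SAN in step 4
$Port     = 443

# Steps 3 and 6: load the exported CA and confirm it is flagged as a CA.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaFile
$basic = $ca.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$isCa = [bool]($basic -and $basic.CertificateAuthority)

# Step 7: the CA must be in a Trusted Root store (machine or current user).
$inRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -eq $ca.Thumbprint })

# Step 9: fetch the certificate the webclient actually presents.
# The callback accepts any certificate so that a wrong one can still be inspected;
# the connection is used for the handshake only and no data is sent over it.
$tcp = New-Object System.Net.Sockets.TcpClient($Firewall, $Port)
try {
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($Firewall)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# Step 4: the SAN extension (OID 2.5.29.17) must contain the address used in the browser.
$san = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$ipPattern = "(?<![\d.])$([regex]::Escape($Firewall))(?![\d.])"
$sanHasIp = [bool]($san -and ($san.Format($false) -match $ipPattern))

# The presented certificate must chain to the exported CA.
# Revocation is not checked (assumption: the firewall CA publishes no CRL).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($leaf)
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

[pscustomobject]@{
    PresentedSubject   = $leaf.Subject
    CaFlagSet          = $isCa
    CaInRootStore      = $inRoot
    SanContainsIp      = $sanHasIp
    ChainsToExportedCa = ($chainOk -and $root.Thumbprint -eq $ca.Thumbprint)
}
```

All four boolean fields should be True. If SanContainsIp is False, the browser warning remains even with the CA installed, because the address in the URL does not match the certificate.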