Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual Page 144
- Page / 368
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Chapter 11 Web Interface
144
SSL Certificate for the Web Interface
The principle of an encrypted WinRoute Web interface is based on the fact that all communi-
cation between the client and server is encrypted to protect it from wiretapping and misuse
of the transmitted data. The SSL protocol uses an asymmetric encryption first to facilitate
exchange of the symmetric encryption key which will be later used to encrypt the transmitted
data.
The asymmetric cipher uses two keys: a public one for encrypting and a private one for de-
crypting. As their names suggest, the public (encrypting) key is available to anyone wishing to
establish a connection with the server, whereas the private (decrypting) key is available only
to the server and must remain secret. The client, however, also needs to be able to identify
the server (to find out if it is truly the server and not an impostor). For this purpose there is
a certificate, which contains the public server key, the server name, expiration date and other
details. To ensure the authenticity of the certificate it must be certified and signed by a third
party, the certification authority.
Communication between the client and server then follows this scheme: the client generates
a symmetric encryption key for and encrypts it with the public server key (obtained from the
server certificate). The server decrypts it with its private key (kept solely by the server). Thus
the symmetric key is known only to the server and client. This key is then used for encryption
and decipher any other traffic.
Generate or Import Certificate
During WinRoute installation, a testing certificate for the SSL-secured Web interface is created
automatically (it is stored in the sslcert subdirectory under the WinRoute’s installation di-
rectory, in the server.crt file; the private key for the certificate is saved as server.key).
The certificate created is unique. However, it is issued against a non-existing server name and
it is not issued by a trustworthy certificate authority. This certificate is intended to ensure
functionality of the secured Web interface (usually for testing purposes) until a new certificate
is created or a certificate issued by a public certificate authority is imported.
Click on the Change SSL certificate (in the dialog for advanced settings for the Web interface)
to view the dialog with the current server certificate. By selecting the Field (certificate en-
try) option you can view information either about the certificate issuer or about the subject
represented by your server.
You can obtain your own certificate, which verifies your server’s identity, by two means.
You can create your own self-signed certificate. Click Generate Certificate in the dialog where
current server status is displayed. Insert required data about the server and your company
into the dialog entries. Only entries marked with an asterisk (
*
) are required.
Click on the OK button to view the Server SSL certificate dialog. The certificate will be started
automatically (you will not need to restart your operating system). When created, the certifi-
cate is saved as server.crt and the corresponding private key as server.key.
- Kerio WinRoute Firewall 6 1
- Contents 3
- Quick Checklist 7
- Introduction 9
- 2.2 Conflicting software 10
- 2.3 System requirements 11
- 2.4 Installation - Windows 12
- Sharing 15
- 2.9 WinRoute Components 23
- WinRoute Administration 27
- Chapter 4 32
- 4.2 License information 33
- 4.6 User counter 45
- Network interfaces 47
- Figure 5.2 Editing interfaces 50
- Internet Connection 53
- 6.3 Connection Failover 62
- Chapter 6 Internet Connection 64
- 6.4 Network Load Balancing 66
- Traffic Policy 71
- 7.2 How traffic rules work 78
- 7.4 Basic Traffic Rule Types 90
- 7.5 Policy routing 95
- 7.8 Use of Full cone NAT 101
- 7.9 Media hairpinning 102
- Chapter 8 104
- 8.1 DNS module 104
- Figure 8.1 DNS settings 105
- 8.2 DHCP server 110
- 8.4 Proxy server 121
- 8.5 HTTP cache 124
- Bandwidth Limiter 130
- User Authentication 137
- Web Interface 141
- HTTP and FTP filtering 147
- 12.2 URL Rules 148
- 12.5 FTP Policy 162
- Antivirus control 167
- 13.3 HTTP and FTP scanning 172
- 13.4 Email scanning 176
- Definitions 180
- 14.2 Time Ranges 181
- 14.3 Services 183
- 14.4 URL Groups 187
- Description 189
- User Accounts and Groups 190
- 15.2 Local user accounts 193
- Step 1 — basic information 194
- 15.5 User groups 210
- Administrative settings 214
- 16.3 Update Checking 216
- Advanced security features 218
- Other settings 224
- 18.3 Relay SMTP server 229
- Status Information 231
- 19.4 Alerts 243
- Figure 19.12 Alert Definitions 244
- Basic statistics 248
- Figure 20.1 User statistics 249
- 20.2 Interface statistics 250
- Chapter 21 254
- Chapter 22 262
- 22.1 Log settings 262
- Figure 22.1 Log settings 263
- Chapter 22 Logs 264
- Syslog Logging 264
- 22.2 Logs Context Menu 265
- 22.3 Alert Log 269
- 22.4 Config Log 269
- 22.5 Connection Log 270
- 22.6 Debug Log 271
- 22.7 Dial Log 273
- 22.8 Error Log 275
- 22.9 Filter Log 276
- 22.10 Http log 277
- 22.11 Security Log 278
- 22.12 Sslvpn Log 280
- 22.13 Warning Log 280
- 22.14 Web Log 281
- Kerio VPN 283
- 23.1 VPN Server Configuration 284
- Chapter 23 Kerio VPN 320
- Paris branch office server 332
- Chapter 24 335
- Chapter 25 338
- 25.2 Configuration files 339
- Technical support 351
- 26.2 Tested in Beta version 352
- Legal Notices 353
- Used open source items 354
- Glossary of terms 357
© 2020, manymanuals.com. All rights reserved. | 0.130 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals