Digital certificates provide verification of ownership of a user or computer (example: VPN) or an organization (example: websites) over the internet, and are issued by a certificate authority (CA). Certificate signing requests (CSR) enable you to provide the information required for the CA to issue a certificate. CAs issue certificates which can include the owner’s public key, the certificate’s validity period, owner information and the private key. Verification is completed through the private key which is held by the owner.

Certificates are revoked when the private key is lost, stolen, or updated. CAs maintain a list of valid and revoked certificates. Self-signed certificates that are revoked are automatically added to the certification revocation list (CRL).

XG Firewall allows you to:

  • generate a self-signed certificate, upload a third-party certificate, or to generate a CSR.
  • use the device as the CA or add an external CA.
  • revoke a self-signed certificate or upload an external CRL.

The tick mark in the Authority column indicates that an associated CA is installed for the certificate.