DNS, DDNS and the use of a certificate

Dynamic DNS (DDNS) services allow name resolution for hosts with dynamic IP addresses. This article shows the configuration of the USG for the DDNS provider Dynu.com. In addition, we create an official SSL certificate (here via SwissSign.ch). With the certificate, we ensure secure external access to services such as SSL VPN or remote administration of the USG over HTTPS.

 

Guide:

1. Configuration of the DDNS

2. Creating the request certificate

3. Creating the external certificate

4. Access with HTTPS with an official SSL certificate

 

1. Configuration of the DDNS

In the following example, we have a domain called Studerus.ch with a dynamic IP address that changes regularly. At Dynu.com, you have to register for the Dynu Premium Packet. This service is free and does not require regular logins to maintain the account.

Configuration > Network > DDNS > DDNS > Add

 

The DDNS status indicates if the connection to Dynu.com is working.

Monitor > System Status > DDNS Status

In the Dynu account, we set up our subdomain. As an example, we use the subdomain SSL.Studerus.ch. After we have created it, we create the request certificate on the USG, which we need in order to apply for an official certificate.

 

2. Creating the request certificate

Configuration > Object > Certificate > My Certificates > Add

The request certificate in the overview My Certificates:

Double-click to open the certificate and copy the contents of the Base-64 encoded display to the clipboard:

 

3. Creating the external certificate

SwissSign will be used as an example!

Now that we have created a request certificate, we create an account on SwissSign and request our SSL certificate for the subdomain SSL.Studerus.ch. For this, we have previously purchased an SSL Silver certificate and received a license code via e-mail.

Go to https://swisssign.net/

If you do not already have an account, click on 'Create Account'.

After logging in, we enter the license code of the Silver certificate:

Paste the PKCS#10 code (the Base-64 encoded certificate request from the USG):

If the PKCS#10 was accepted, we see on the right side the attributes that we have entered in the USG.
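
The same attributes can be checked locally before the request is pasted into the CA portal. The script below is an added example, not part of the original article or of any vendor tooling; it assumes the request from the USG was saved as a PEM file and that the `openssl` command-line tool is installed. The function name `check_csr`, the 2048-bit RSA minimum and the weak-hash rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS#10 request before submitting it to a CA.
# Usage: check_csr <csr.pem> <expected-host-name> [min-rsa-bits]
# Assumptions of this example (not stated by the article): 2048-bit RSA
# minimum, and MD5/SHA-1 request signatures are rejected.
check_csr() {
    csr=$1; want=$2; min_bits=${3:-2048}

    # 1. Self-signature: shows the request is intact and the requester holds
    #    the private key. Match the text, since older OpenSSL releases can
    #    exit 0 on a failed verify.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: self-signature does not verify" >&2; return 1
    fi

    # 2. Common name must equal the DDNS host name (compared case-insensitively).
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p' | tr '[:upper:]' '[:lower:]')
    if [ "$cn" != "$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')" ]; then
        echo "FAIL: CN '$cn' does not match '$want'" >&2; return 2
    fi

    text=$(openssl req -in "$csr" -noout -text 2>/dev/null)

    # 3. Reject requests signed with a weak hash.
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case $sig in
        *[Mm][Dd]5*|*[Ss][Hh][Aa]1*) echo "FAIL: weak hash ($sig)" >&2; return 3 ;;
    esac

    # 4. RSA modulus size; skipped for other key types such as EC.
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "$alg" = "rsaEncryption" ] && [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: RSA key is $bits bits, need at least $min_bits" >&2; return 4
    fi

    echo "OK: CN=$cn, $alg, $bits bit, signed with $sig"
}

# Run the check only when the script is called with arguments.
if [ "$#" -ge 2 ]; then check_csr "$@"; fi
```

A non-zero return value identifies the check that failed (1 signature, 2 common name, 3 hash, 4 key size).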

The certificate request was successfully accepted:

For the certificate to be finally issued, an e-mail is sent to the e-mail address of the administrator account. Make sure you have access to the mailbox to confirm the e-mail and receive the certificate!

Next, we download the official SSL certificate in .cer format:

On the USG we import the SSL certificate via the My Certificates menu:

Configuration > Certificate > My Certificate > Import

With the import, our request certificate has become a real certificate.

 

4. Access with HTTPS with an official SSL certificate

Next, we select the certificate under Service Control for access with HTTPS. When connecting to the USG via https://ssl.studerus.ch, the certificate error message no longer appears and we go directly to the login page.

Configuration > System > WWW > Service Control
