Tip
This is the documentation for the 23.11 version. Looking for the documentation of the latest version? Have a look here.
Submit the Certificate Signing Request¶
To generate a signed certificate, the signing request must be submitted to Netgate. Netgate will sign the request with a Certificate Authority key trusted by the TNSR update repository servers.
Required Customer Information¶
The certificate signing request must be accompanied by information Netgate can use to identify the customer and validate the request. This information varies by platform.
TNSR Device or ISO Install¶
For customers using a device preloaded with TNSR or installing TNSR from an ISO image, the certificate signing support request must be accompanied by information that Netgate can use to validate the request. Netgate must be able to determine that the request is being sent from an authorized user on an account that has an appropriate TNSR purchase.
For example, send the support request from the same e-mail address which was used when making the TNSR purchase and include an order number and other relevant information in the support request when submitting the CSR.
TNSR in AWS¶
For AWS customers, two additional pieces of information are necessary to validate the status of customer accounts before Netgate can sign a certificate:
The AWS Customer ID
The AWS Instance ID
Note
When registering a TNSR instance to obtain a client certificate, Netgate must be able to prove that this instance of TNSR is a valid instance of the currently published AWS image. To do this, Netgate utilizes the AWS API that indicates which TNSR image the specified instance ID is an instance of. This is the only use of the customer instance ID, which is not stored or retained in any way.
The AWS Customer ID can be found using the instructions at https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
The AWS Instance ID can be retrieved from the EC2 Web Console:
Navigate to https://console.aws.amazon.com/ec2/
Click Instances
Click the box next to the TNSR instance to select it
The AWS Instance ID is displayed at the bottom of the page under the Description tab
Create a Support Request for the CSR¶
Using the CSR and customer information, submit a request on the Netgate Support Portal.
Warning
The following steps are still under design and development and may change at any time.
Navigate to the Netgate TAC Support Request page
Log in with an existing account using an email address and password, or register a new account using the Sign Up button and following the prompts
Create a new support request with the following properties:
- Department:
Select
Netgate Global Support
- Software Product:
Select the matching purchased TNSR product, either
TNSR Business
orTNSR Enterprise
- Platform:
Choose the value that matches where TNSR is running, for example
TNSR in AWS
,Netgate 1541 1U
, orWhitebox / Other
- General Problem Description:
Select
TNSR Certificate Authorization
- Support Level:
Choose the support level that matches the purchased TNSR product,
TNSR Business
,TNSR Business Plus
, orTNSR Enterprise
- AWS Instance ID:
For TNSR on AWS customers only, The ID for this TNSR instance located previously
- AWS Customer ID:
For TNSR on AWS customers only, the AWS Customer ID located previously
- Order Number:
For device and ISO customers, the order number of the TNSR purchase for this device
Include any other necessary identifying information in the Description field
Click Attach file and attach the file containing the CSR text
Submit the support request
Retrieve the signed certificate¶
Warning
The following steps are still under design and development and may change at any time.
Once the certificate signing request has been signed by Netgate, support representatives will respond back to the e-mail address used to submit the request with the signed certificate.
For those with a login to the support system, the status of the support request will be updated to reflect that the certificate is ready.
When this occurs, download the signed certificate:
Navigate to the Netgate TAC Support Portal page
Locate the support request
Download the attached signed certificate file