Submit the Certificate Signing Request

To generate a signed certificate, the signing request must be submitted to Netgate. Netgate will sign the request with a Certificate Authority key trusted by the TNSR update repository servers.

Required Customer Information

The certificate signing request must be accompanied by information Netgate can use to identify the customer and validate the request. This information varies by platform.

TNSR Device or ISO Install

For customers using a device preloaded with TNSR or installing TNSR from an ISO image, the certificate signing support request must be accompanied by information that Netgate can use to validate the request. Netgate must be able to determine that the request is being sent from an authorized user on an account that has an appropriate TNSR purchase.

For example, send the support request from the same e-mail address which was used when making the TNSR purchase and include an order number and other relevant information in the support request when submitting the CSR.

TNSR in AWS

For AWS customers, two additional pieces of information are necessary to validate the status of customer accounts before Netgate can sign a certificate:

  • The AWS Customer ID

  • The AWS Instance ID

Note

When registering a TNSR instance to obtain a client certificate, Netgate must be able to prove that this instance of TNSR is a valid instance of the currently published AWS image. To do this, Netgate utilizes the AWS API that indicates which TNSR image the specified instance ID is an instance of. This is the only use of the customer instance ID, which is not stored or retained in any way.

The AWS Customer ID can be found using the instructions at https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html

The AWS Instance ID can be retrieved from the EC2 Web Console:

  1. Navigate to https://console.aws.amazon.com/ec2/

  2. Click Instances

  3. Click the box next to the TNSR instance to select it

  4. The AWS Instance ID is displayed at the bottom of the page under the Description tab

Create a Support Request for the CSR

Using the CSR and customer information, submit a request on the Netgate Support Portal.

Warning

The following steps are still under design and development and may change at any time.

  1. Navigate to the Netgate TAC Support Request page

  2. Log in with an existing account using an email address and password, or register a new account using the Sign Up button and following the prompts

  3. Create a new support request with the following properties:

    Department

    Select Netgate Global Support

    Software Product

    Select the matching purchased TNSR product, either TNSR Business or TNSR Enterprise

    Platform

    Choose the value that matches where TNSR is running, for example TNSR in AWS, Netgate 1541 1U, or Whitebox / Other

    General Problem Description

    Select TNSR Certificate Authorization

    Support Level

    Choose the support level that matches the purchased TNSR product, TNSR Business, TNSR Business Plus, or TNSR Enterprise

    AWS Instance ID

    For TNSR on AWS customers only, The ID for this TNSR instance located previously

    AWS Customer ID

    For TNSR on AWS customers only, the AWS Customer ID located previously

    Order Number

    For device and ISO customers, the order number of the TNSR purchase for this device

  4. Include any other necessary identifying information in the Description field

  5. Click Attach file and attach the file containing the CSR text

  6. Submit the support request

Retrieve the signed certificate

Warning

The following steps are still under design and development and may change at any time.

Once the certificate signing request has been signed by Netgate, support representatives will respond back to the e-mail address used to submit the request with the signed certificate.

For those with a login to the support system, the status of the support request will be updated to reflect that the certificate is ready.

When this occurs, download the signed certificate:

  1. Navigate to the Netgate TAC Support Portal page

  2. Locate the support request

  3. Download the attached signed certificate file