SonicWall and Windows CA

sonicwall

I'm attempting to import a certificate created by a CA I've set up in Windows using AD CS. I've done the following:

1) Created my own CA (MyCompany)
2) Enabled web services (mostly for ease of configuration)
3) Generated a certificate request on the Sonicwall itself
4) Used web services to sign the certificate
5) Imported the signed certificate into the Sonicwall … this caused the certificate to show "No" for the Verified field.
6) Imported the CA's certificate.

This is where I get stuck. I attempted to import the CRL list, but got the following error: "CRL Error - Verification failed using CA certificate". No further errors appear in the logs. Without the CRL list the certificate won't verify and it doesn't appear under the "Administration" page so I can select it for use via HTTPS.

Any ideas?

Edit: From Sonicwall when I attempt to use my HTTP published list:

07/02/2013 14:33:54.256  Alert  VPN PKI  Cannot Validate Issuer Path  HTTPS
07/02/2013 14:33:54.256  Alert  VPN PKI  CRL validation failure for Root Certificate  MyCompanyCA
07/02/2013 14:33:54.256  Alert  VPN PKI  Failed to Process CRL from  http://crl.mydomain.com/CertEnroll/ CA: MyCompanyCA

Best Answer

So, after coming back to this with a brand new CA, it appears there's actually a bug with SonicOS 5.8 that causes this issue. My CA certificate is SHA512 and SonicOS only supports SHA1. Unfortunately I can't upgrade to 5.9 yet (which resolves the issue). If this helps anyone else, awesome.