Installing a new Smoothwall
You should export the Default root certificate authority and push this out to client devices on your network. Any Dynamic certificates created as part of the Default root certificate authority's chain are automatically trusted. Modifications don't result in a redistribution.
Migrating from an existing Smoothwall
Your existing certificates are automatically imported into the new certificate management system and assigned to the services they were used for previously. You might leave them as they're. Alternatively, you might reassign services to Dynamic certificates in the default CA trust chain.
Using Active Directory certificates
If your client devices are part of an Active Directory domain, you can use the Root Certificate from Active Directory on the Smoothwall as the default CA. This avoids the need to push Smoothwall-specific certificates to the client devices.
Note: It's assumed that Active Directory has the Certificate Services role installed, configured to automatically push the Root Certificate to clients.
From the Active Directory server, back up the root level Certificate Authority, including the private key. Import this into the Certificates for services page, and set this as the Default CA. This automatically creates dynamic certificates suitable for Smoothwall services. Reassign the HTTPS Inspection (see our help topic, Managing HTTPS inspection settings) and user-facing HTTPS (see our help topic, Customizing the administration user interface) services to the appropriate dynamic certificates.
Using a purchased certificate for HTTPS services
You might use a purchased certificate for user-facing HTTPS services. To do this, you should import the certificate into the Certificates for services page, then reassign the service for user-facing HTTPS services to this certificate (see our help topic, Customizing the administration user interface).
Note: You can't buy a certificate suitable for HTTPS inspection.