topic Re: SSL forward-proxy certificate import in General Topics

SSL forward-proxy certificate import

JermaineScott — Tue, 03 Sep 2019 15:57:52 GMT

I've gerenated a CSR to give my enterprise CA. Now, I've recieved the enterprise CA-signed certificate ann imported it onto the firewall.

The status reads "valid". The "Key" box is checked, however the "CA" box isn't.

Also, when I select the certificate, the option for "Forward Trust Certificate" is grayed out.

Did I do something incorectly when generating the CSR?

Or, did the enterprise CA not provide the proper authority?

Is there something I can do to correct this, or do I have to generate another CSR?

Re: SSL forward-proxy certificate import

S.Cantwell — Tue, 03 Sep 2019 18:30:37 GMT

Hello there.

The enterprise CA is the issue.

It needs to sign the CSR, but also allow that new cert to have subordinate or intermediate certication authority.

then, when the new cert is imported, it will have the correct CA flag to do your decryption.

If it is a windows machine that is the DC/Cert Authority, choose option to submit an advanced certificate request, and then confirm that "subordinate certifcation authority is chosen" is chosen.

Let us know if this answers your questions.

Re: SSL forward-proxy certificate import

vpeng — Thu, 23 Dec 2021 11:54:17 GMT

Hey, finally how to fix the issue?