topic Re: SSL decryption forward proxy in vwire mode and common name of certific in General Topics

SSL decryption forward proxy in vwire mode and common name of certificate

MP18 — Mon, 11 May 2020 22:33:43 GMT

We have PA 9.1 running vwire for vendor traffic.

I need to create ssl decrypt cert for the user traffic going to internet.

Seems SSL decryption can work in vwire mode.

When I create self signed cert for the user PC what should I put under common name?

any name will work?

As traffic is sourced from the switch which is doing all the natting and it has public IP address .

setup

switch with public ip say 184.x.x.x-----------v wire PA------------------------ISP modem.

Regards

Re: SSL decryption forward proxy in vwire mode and common name of certific

reaper — Tue, 12 May 2020 07:09:16 GMT

the certificate cn should be something you can identify as yours if you need to do troubleshooting, but with selfsigned certificates it only matters that the selfsigned CA is added to your client's trusted root certificates store, else they will get a certificate error for each website

Re: SSL decryption forward proxy in vwire mode and common name of certific

MP18 — Tue, 12 May 2020 13:21:47 GMT

Many Thanks for confirming that Reaper.