SSL Certificates CA Verisign

Reply
L1 Bithead

Re: SSL Certificates CA Verisign

Hi,ok i understand we need the same certificate in Firewall as on the server, that we can make on the test Server.But the live Server had the verisign certificate. And we dont can change it. On all certificate we have downloaden From verisign we dont Have the choose to aktivate trust/untrust

On the der.

L6 Presenter

Re: SSL Certificates CA Verisign

Hi Netmaster,

I dont think for inbound encryption you need forward trust/untrust option. All you need is certificate and its private key to upload. Let me know if that helps.

"Forward trust/untrust" is for outbound SSL decryption.

REgards,

Hardik Shah

Highlighted
L1 Bithead

Re: SSL Certificates CA Verisign

Hi,

Sry i think so. In the decryption policy is the last point "ssl inbound" and When we choose it we must choose a certificate. And Here is the Only certificate what we can choose the  self signed with the Option

"Forward trust/untrust". Oh er certificate Here Are Not listed

L6 Presenter

Re: SSL Certificates CA Verisign

Did you uploaded cert with private key ?

L1 Bithead

Re: SSL Certificates CA Verisign

Hi,

now we have uploaded whit key and make a policy and it works.

But 1 point, the documentation is here a little bit confuse!

There is the info that you need " forward trust/untrust option" and a CA but for this case is this not the point.

"1. The first thing we would like to do is to install and manage the certificate we would like to use. Navigate  Device > Certificates and generate a new self signed Certificate, be sure to activate CA,Forward Trust Certificate, Untrust and Trusted Root CA:"

thanks for your help.

best regards

L6 Presenter

Re: SSL Certificates CA Verisign


Hello Netmaster,

I am glad I was useful to you and finally we found correct answer.

Actually document is not easy to understand, only first time its difficult. Nowonwards you should be able to understand. Thing is when we say self signed cert, we assume user knows he is supposed to check "certirficate" box.

Regards,

Hardik Shah

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!