Hi,ok i understand we need the same certificate in Firewall as on the server, that we can make on the test Server.But the live Server had the verisign certificate. And we dont can change it. On all certificate we have downloaden From verisign we dont Have the choose to aktivate trust/untrust
On the der.
I dont think for inbound encryption you need forward trust/untrust option. All you need is certificate and its private key to upload. Let me know if that helps.
"Forward trust/untrust" is for outbound SSL decryption.
Sry i think so. In the decryption policy is the last point "ssl inbound" and When we choose it we must choose a certificate. And Here is the Only certificate what we can choose the self signed with the Option
"Forward trust/untrust". Oh er certificate Here Are Not listed
now we have uploaded whit key and make a policy and it works.
But 1 point, the documentation is here a little bit confuse!
There is the info that you need " forward trust/untrust option" and a CA but for this case is this not the point.
"1. The first thing we would like to do is to install and manage the certificate we would like to use. Navigate Device > Certificates and generate a new self signed Certificate, be sure to activate CA,Forward Trust Certificate, Untrust and Trusted Root CA:"
thanks for your help.
I am glad I was useful to you and finally we found correct answer.
Actually document is not easy to understand, only first time its difficult. Nowonwards you should be able to understand. Thing is when we say self signed cert, we assume user knows he is supposed to check "certirficate" box.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!