SSL forward-proxy certificate import

L2 Linker

SSL forward-proxy certificate import

I've gerenated a CSR to give my enterprise CA. Now, I've recieved the enterprise CA-signed certificate ann imported it onto the firewall.

The status reads "valid". The "Key" box is checked, however the "CA" box isn't. 

Also, when I select the certificate, the option for "Forward Trust Certificate" is grayed out.


Did I do something incorectly when generating the CSR?

Or, did the enterprise CA not provide the proper authority?

Is there something I can do to correct this, or do I have to generate another CSR?

L5 Sessionator

Re: SSL forward-proxy certificate import

Hello there.


The enterprise CA is the issue.


It needs to sign the CSR, but also allow that new cert to have subordinate or intermediate certication authority.


then, when the new cert is imported, it will have the correct CA flag to do your decryption.


If it is a windows machine that is the DC/Cert Authority, choose option to submit an advanced certificate request, and then confirm that "subordinate certifcation authority is chosen" is chosen.


Let us know if this answers your questions.


Help the community: Like helpful comments and mark solutions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!