Commit Error Received after Configuring SSL Decryption for Certificate Generation

Printer Friendly Page

Issue

After configuring SSL decryption, the commit fails after generating a certificate with the following error:  "Error:vys1 decryption: forward decrypt trust cert is not configured".

 

Cause

The commit fails because the SSL decryption requires a certificate for forward proxy.

 

Resolution

  1. Create a self generated certificate with 'Certificate Authority' checked, as shown below:


  2. Once generated, open the certificate (Device tab > Certificate Management > Certificates) and check two options:
    Forward Trust Certificate
    Forward Untrust Certificate


  3. After clicking OK, the certificate store should look like the following:
  4. The commit should now be successful.

 

owner: kadak

Tags (4)
Comments

Aye. What if I want to upload a signed certificate for inbound SSL? The "Forward" boxes are always ghosted.

oi! The certificate you're trying to import needs to be a CertificateAuthority, you may need to re-create it with this attribute enabled before you try to import it