- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-06-2019 12:34 PM
i have local trusted root CA on the PA.
Also i have ssl decryption cert on the PA.
Is it possible i can create new cert from root and use it for web gui?
02-07-2019 05:54 AM
Do you have private key of same certificate inside PA ? . then only you can use the certificate for web access
02-15-2019 02:04 PM
Abdul eluded to it - you can't generate a new cert from that root without the private key. If that was a thing you could do, you could just grab GoDaddy or Letsencrypt's public root cert and create a valid cert for any domain. It's a fundamental part of PKI - ff you don't have the private key, you can't sign a new cert issued by that CA.
02-07-2019 12:38 AM
You can generate a new certificate for GUI as well, but you need not to. you can use the same root cert for GUI as well. call it under ssl/tls service profile. use it under management configuration.
02-07-2019 04:55 AM
it do not work.
under ssl/tls profile the CA root ceret does not show up?
02-07-2019 05:54 AM
Do you have private key of same certificate inside PA ? . then only you can use the certificate for web access
02-07-2019 07:39 PM
No CA root cert has no private key checked.
02-15-2019 01:09 PM
any one can answer this?
02-15-2019 02:04 PM
Abdul eluded to it - you can't generate a new cert from that root without the private key. If that was a thing you could do, you could just grab GoDaddy or Letsencrypt's public root cert and create a valid cert for any domain. It's a fundamental part of PKI - ff you don't have the private key, you can't sign a new cert issued by that CA.
02-15-2019 02:23 PM
Many thanks for answering the question.
02-16-2019 05:13 AM
Besides the fact that the whole trust system of the PKI wouln't work if everyone could sign certs with a publoc key, the money-making machine of the public CA also wouln't work 😉
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!