Creating New Cert from local trusted root CA

Cyber Elite

I have a local trusted root CA on the PA.

Also, I have an SSL decryption cert on the PA.

Is it possible to create a new cert from the root and use it for the web GUI?

MP

All Replies
L4 Transporter

You can generate a new certificate for the GUI as well, but you need not. You can use the same root cert for the GUI as well. Call it under the SSL/TLS service profile. Use it under management configuration.

Cyber Elite

It does not work.

Under the SSL/TLS profile the CA root cert does not show up?

MP
L4 Transporter

Do you have the private key of the same certificate inside the PA? Only then can you use the certificate for web access.

Cyber Elite

No, the CA root cert has no private key checked.

MP
Cyber Elite

Can anyone answer this?

MP
L7 Applicator

Abdul alluded to it - you can't generate a new cert from that root without the private key. If that was a thing you could do, you could just grab GoDaddy or Let's Encrypt's public root cert and create a valid cert for any domain. It's a fundamental part of PKI - if you don't have the private key, you can't sign a new cert issued by that CA.

Cyber Elite

Many thanks for answering the question.

MP
Cyber Elite

Besides the fact that the whole trust system of the PKI wouldn't work if everyone could sign certs with a public key, the money-making machine of the public CA also wouldn't work ;)
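
The point made in the replies above (a CA certificate without its private key cannot issue anything) can be reproduced off-box with the OpenSSL CLI. This is an added example, not part of the thread and not PAN-OS commands; the CA name `Lab-Root-CA`, the host name `fw.example.internal` and all file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: every name and file here is made up for illustration.
WORK=$(mktemp -d)

make_ca() {  # $1 = file prefix; creates $1.key and a self-signed $1.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Lab-Root-CA" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

make_csr() { # key pair and CSR for the web GUI certificate
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=fw.example.internal" \
    -keyout "$WORK/gui.key" -out "$WORK/gui.csr" 2>/dev/null
}

# Sign the CSR: $1 = issuer cert, $2 = file offered as the issuer's private key, $3 = output
sign_csr() {
  openssl x509 -req -in "$WORK/gui.csr" -CA "$WORK/$1" -CAkey "$WORK/$2" \
    -CAcreateserial -days 30 -out "$WORK/$3" 2>/dev/null
}

# Does the certificate chain to the real root?
verify_against_root() {
  openssl verify -CAfile "$WORK/root.crt" "$WORK/$1" >/dev/null 2>&1
}

make_ca root   # the real CA; the firewall in the thread holds only root.crt
make_ca fake   # same subject name, different key pair
make_csr

# 1. With the CA private key, issuing works and the result chains to the root.
sign_csr root.crt root.key good.crt && echo "signed with root key: ok"
verify_against_root good.crt && echo "good.crt chains to root"

# 2. With only the certificate (public key), there is nothing to sign with.
sign_csr root.crt root.crt nokey.crt || echo "cert-only signing: refused"

# 3. A look-alike CA with the same name but its own key can issue,
#    but relying parties that trust the real root reject the result.
sign_csr fake.crt fake.key fake_issued.crt
verify_against_root fake_issued.crt || echo "look-alike CA: does not chain to the real root"
```
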
