Creating New Cert from local trusted root CA

Cyber Elite

Creating New Cert from local trusted root CA

I have a local trusted root CA on the PA.

I also have an SSL decryption cert on the PA.

Is it possible to create a new cert from the root and use it for the web GUI?

MP

All Replies
L4 Transporter

Re: Creating New Cert from local trusted root CA

You can generate a new certificate for the GUI as well, but you need not. You can use the same root cert for the GUI as well. Call it under the SSL/TLS service profile. Use it under management configuration.

Cyber Elite

Re: Creating New Cert from local trusted root CA

It does not work.

Under the SSL/TLS profile the CA root cert does not show up?

MP

L4 Transporter

Re: Creating New Cert from local trusted root CA

Do you have the private key of the same certificate inside the PA? Only then can you use the certificate for web access.

(Accepted solution)

Cyber Elite

Re: Creating New Cert from local trusted root CA

No, the CA root cert has no private key checked.

MP

Cyber Elite

Re: Creating New Cert from local trusted root CA

Can anyone answer this?

MP

L7 Applicator

Re: Creating New Cert from local trusted root CA

Abdul alluded to it - you can't generate a new cert from that root without the private key. If that was a thing you could do, you could just grab GoDaddy or Let's Encrypt's public root cert and create a valid cert for any domain. It's a fundamental part of PKI - if you don't have the private key, you can't sign a new cert issued by that CA.

(Accepted solution)

Cyber Elite

Re: Creating New Cert from local trusted root CA

Many thanks for answering the question.

MP
Cyber Elite

Re: Creating New Cert from local trusted root CA

Besides the fact that the whole trust system of the PKI wouldn't work if everyone could sign certs with a public key, the money-making machine of the public CA also wouldn't work ;)
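
The point made in the replies above (a root CA certificate without its private key cannot issue anything a client will trust), shown as an added example that is not part of the original thread. It uses Go's standard `crypto/x509`; the CA name, the host name `fw-mgmt.example.test` and all keys are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a certificate from tmpl that names parent as issuer and is signed with signer.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was just produced by CreateCertificate
	return cert
}

// Demo reports whether a GUI cert chains to the trusted root: signed with the root key, then with another key.
func Demo() (signedByRootKey, nameOnly bool) {
	key := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	rootKey, otherKey, guiKey := key(), key(), key() // all constructed for this example
	now := time.Now()
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Local Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	guiTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "fw-mgmt.example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed root
	pool := x509.NewCertPool()
	pool.AddCert(root) // a client trusts only the root's public certificate
	chains := func(c *x509.Certificate) bool { _, err := c.Verify(x509.VerifyOptions{Roots: pool}); return err == nil }
	good := issue(guiTmpl, root, &guiKey.PublicKey, rootKey)
	// Without rootKey, only the root's name and key id can be copied; the signature comes from another key.
	lookalike := &x509.Certificate{RawSubject: root.RawSubject, SubjectKeyId: root.SubjectKeyId}
	bad := issue(guiTmpl, lookalike, &guiKey.PublicKey, otherKey)
	return chains(good), chains(bad)
}

func main() {
	ok, forged := Demo()
	fmt.Println("signed with root private key:", ok, "| root name only:", forged)
}
```

Both certificates carry the same issuer name, but only the one signed with the root's private key passes chain validation against the trusted root.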
