When I try to import such certificate I get "Only self signed CA cert can have identical sub and issuer fields" error.
The certificate is not from CA server so I don't have "Back up CA" option as described here:
I'm aware of this discussion but it's for SAML and it doesn't give answer to basic question as stated in this sbject:
So how can I import a certificate with same subject and issuer field but is not marked as CA? It's a self signed certificate from MS Exchange server which is required for decryption.
For decryption, it is needed both the public AND the private key.
For a Windows server, I did a quick search and these seem like the correct steps:
Once you export the certificate with private key (probably PKCS#12), you can then import the certificate in its entirety.
Hi @santonic ,
That is a great question. I assume you are doing Inbound SSL Decryption and the cert is for the inbound Exchange server. I did not know the NGFW would not import self-signed certs that were not a CA. Could you please let us know the resolution from TAC?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!