09-12-2019 03:42 PM - edited 09-12-2019 03:43 PM
I have a wildcard certificate that already works for the GlobalProtect portal and gateway.
I would like this trusted certificate to be used for SSL decryption (forward-proxy mode), but I can't make any of those certificates a Forward Trust Certificate because the checkbox is greyed out.
So, is it possible to use a wildcard certificate as a forward trust certificate? If yes, how do I do that?
Thanks in advance
09-12-2019 10:51 PM
Hey,
It needs to be a certificate of the type CA, then you should be able to use it as a forward trust certificate.
kr,
Tommy
09-12-2019 11:21 PM - edited 09-12-2019 11:22 PM
I couldn't quite understand what you mean by type CA (I'm not really familiar with certificates). Is there any info that I did not include in the question that I should provide to determine whether it is possible or not to use my current certificate as a forward trust certificate?
In case you mean that it is possible to set my certificate as a forward trust certificate, how could I do that? As I stated in the question, I can't set it because it is greyed out, and I don't know the reason why it is greyed out.
09-13-2019 12:12 AM
The reason for it being greyed out is that the certificate is not a CA one (CA column not checked). A CA or intermediate CA can sign certificates. Your wildcard certificate is signed by Cert Comodo Int1, and this is signed by Cert Comodo Int2, etc.
In order to do SSL inspection, you need to have a certificate that can sign certificates on behalf of the intercepted website to present to the end users. So you just need to create yourself a root or intermediate CA (preferably) to use as a forward trust certificate. Easiest is, if you have a Microsoft AD, to use the MS PKI and create one there. The certificate will already be trusted by your AD members. Otherwise, just use OpenSSL and have the CA certificate imported into the Windows certificate store and, if using Firefox, into the Firefox certificate store.
kr,
Tommy
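The distinction described in the reply above, as an added example that is not part of the thread and not Palo Alto Networks code: a CA made with OpenSSL carries the X.509 `basicConstraints CA:TRUE` flag and can issue certificates that verify, while a certificate issued by a non-CA wildcard is rejected by a validating client. All names (Example Forward Trust CA, `*.example.com`, `www.example.org`, the file and function names) are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Constructed demo PKI; every subject name and file name here is an assumption.

# One extension section per role: a signing CA and an end-entity (leaf).
write_cnf() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
EOF
}

# issue DIR NAME CN SIGNER: new key + CSR for CN, signed with SIGNER's key.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
        -CAcreateserial -days 30 -extfile "$1/demo.cnf" -extensions v3_leaf \
        -out "$1/$2.crt" 2>/dev/null
}

# Self-signed CA -> wildcard leaf, then one site certificate from each signer.
build_demo() {
    write_cnf "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/demo.cnf" \
        -extensions v3_ca -subj "/CN=Example Forward Trust CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    issue "$1" wildcard "*.example.com" ca &&
    issue "$1" site_by_ca "www.example.org" ca &&
    issue "$1" site_by_wildcard "www.example.org" wildcard
}

# True if the certificate carries basicConstraints CA:TRUE.
is_ca_cert() { openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; }

# chain_ok DIR NAME: does NAME.crt verify up to ca.crt? The wildcard is
# offered as a possible intermediate, as a client would receive it.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" -untrusted "$1/wildcard.crt" \
        "$1/$2.crt" 2>/dev/null | grep -q ': OK'
}
```

After `build_demo` on an empty directory, `is_ca_cert` succeeds only for `ca.crt`, and `chain_ok` succeeds for `site_by_ca` but not for `site_by_wildcard`.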
09-13-2019 06:18 AM
I see, please confirm this, so I can't use my current certificates (Cert COMODO Root, COMODO Int1, COMODO Int2 or wildcard which is signed by COMODO) to use as forward trust certificate, right?
I will close my questions (accept solutions) once this is confirmed.
Thanks.
09-13-2019 07:09 AM
You cannot use the wildcard certificate nor the other ones for forward trust.
09-14-2022 10:34 PM
Hi Team,
Can I use a wildcard certificate for a Decryption Policy?