- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-05-2014 09:35 PM
Hi,
I have created a certificate from my local CA and also have imported the CSR from PA to the local CA, created the
identity certificate, all is well, but it seems I am not able to "Check Box" the "Forward Trust Certificate" on the PA.
This it seems is a necessary step while configuring SSL offloading.
Any clues on what needs to be done ....
Please see attached.
Regards,
Tauseef
07-05-2014 11:13 PM
Hi RZ,
If certificate is selfsigned Root Certificate then option for "Forward Trust Certificate" & "Foreard Untrust Certificate" are Enabled. For selfsigned Root Certificate refer following image.
In your case you may not have checked option for Root Certificate. Apart from "self signed Root Cert", Suboardinate Root Certificate is supported for requested option.
Fore more information on SSL certificate refer bellow link. Go through Page 14 for certificate request.
Regards,
Hardik Shah
07-05-2014 11:13 PM
Hi RZ,
If certificate is selfsigned Root Certificate then option for "Forward Trust Certificate" & "Foreard Untrust Certificate" are Enabled. For selfsigned Root Certificate refer following image.
In your case you may not have checked option for Root Certificate. Apart from "self signed Root Cert", Suboardinate Root Certificate is supported for requested option.
Fore more information on SSL certificate refer bellow link. Go through Page 14 for certificate request.
Regards,
Hardik Shah
07-05-2014 11:20 PM
If certificate is not "self signed root CA" or "Subordinate Root CA" than it can not generate new certificate.
thats why non-Root CA cert doesnt work in decryption.
07-06-2014 12:47 AM
Hi,
I already have a local Microsoft Root CA in our Network.
Does this mean that I have to make my device PA as Sub-CA to this Root CA ??
If so, are there any documentation on how to make my PA a sub CA to my local Root CA ?
Regards
RZ
07-06-2014 01:37 AM
Also,
What way can I monitor or have an historical view of "SSL Decrypted" statistics.... ?
How can I know how many sessions are currently decrypted for which users and so on ?
Please advise
07-06-2014 03:05 AM
See the instructions in this document to use your MS CA with SSL decryption.
How to Implement Certificates Issued from Microsoft Certificate Services
You can check the general statistics using:
>debug sslmgr statistics
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!