mihirk
New Member
March 6, 2020
Question

SSL Certificate Inspection: CA Signed Cert or Self-Signed Cert?


So I am trying to set up policies, and of course almost all of them require SSL inspection enabled.

I did issue the cert from the domain controller, which is self-signed, and imported it to the firewall.

Of course it will throw an error saying that it is not a valid SSL cert unless I install that cert as Trusted Root on all PCs. If we get a cert from a trusted CA, then how would that work?

Would I be using any of the following information: Public IP: xx.xxx.xxx.xxx, Domain Name: xyz.local (AD domain) or xyz.com (a domain we own)? Would SSL inspection still work if I get the CA-signed cert for the xyz.com domain?

I am pretty new to the SSL and certificates world, so I do not have much of an idea how things work.

1 reply

mj75
New Member
May 27, 2020

Hello,

UP subject!!

I have the same problem.

An idea?

emnoc
New Member
May 27, 2020

1st, no public CA is going to issue you a CA-root cert; that is not feasible, nor is it an option to buy just a rootCA-cert.

Your rootCA is just that, "your" root certificate. You just trust that in the OS or Firefox browser as a trusted rootCA and be done.

Ken Felix

sw2090
SuperUser
May 28, 2020

Yeah, but they do issue sub-CA certs, Ken. Those can be used to sign certificates. The dark side is that this creates one more hop in the certificate verification path that has to be covered :\
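The replies above come down to two points: clients trust your own root CA, and a sub-CA used for signing adds a hop that the verifier must be able to build. The following lab script is an added example, not part of the thread or of any vendor tooling; it builds a root, a sub-CA and a leaf with `openssl` and shows the leaf failing verification until the sub-CA is supplied. All subject names, file names and the `example.test` host are constructed.

```shell
#!/bin/sh
# Added example: every subject name and file here is a constructed lab value.
build_chain() {   # $1 = existing working directory
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_subca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF
  # Root CA: the one certificate clients install as a trusted root.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/pki.cnf" \
    -extensions v3_root -subj "/CN=Lab Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Sub-CA signed by the root: the signing certificate an inspecting device would hold.
  issue "$d" sub "/CN=Lab Inspection Sub-CA" root v3_subca || return 1
  # Leaf signed by the sub-CA: stands in for a certificate re-signed during inspection.
  issue "$d" leaf "/CN=www.example.test" sub v3_leaf
}

issue() {   # $1=dir $2=name $3=subject $4=issuer name $5=extension section
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -extfile "$1/pki.cnf" -extensions "$5" -days 30 \
    -out "$1/$2.pem" 2>/dev/null
}

chain_ok() {   # $1=dir $2=root-only|with-subca; exit status 0 if the leaf verifies
  if [ "$2" = with-subca ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/sub.pem" "$1/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
  fi
}

work=$(mktemp -d) && build_chain "$work" || exit 1
chain_ok "$work" root-only  && echo "root only: OK" || echo "root only: FAIL (sub-CA missing from path)"
chain_ok "$work" with-subca && echo "root + sub-CA: OK" || echo "root + sub-CA: FAIL"
```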