This KB provides simplified steps in setting up the ProxySG as an HTTPS / SSL Forward Proxy with an internal Intermediate Certificate Authority (CA).

For detailed instructions, please refer to Configure the ProxySG for SSL Interception and Authentication using an SSL certificate issued from a Microsoft PKI server

You have an internal Root Certificate Authority, an Intermediate Certificate Authority (CA), and a certificate with SSL signing capability on the ProxySG.

ProxySG.key : SSL Private Key for the ProxySG

ProxySG.cer : SSL Certificate for the ProxySG

Intermediate.cer : Certificate of your Intermediate CA that was used to sign the certificate for the ProxySG

Root.cer : Certificate of your internal Root CA

1. ProxySG.key must be imported into the ProxySG under Management Console > Configuration tab > SSL > Keyrings > Create button > Import

Note : This can also be created by the ProxySG itself. Under this circumstance, a Certificate Signing Request must be made and signed by your internal Intermediate CA.

2. ProxySG.cer must be imported as the Certificate for the keyring created in Step 1 under Management Console > Configuration tab > SSL > Keyrings > keyring_in_step_1 > Edit > Certificate section > Import

3. Intermediate.cer must be imported into the ProxySG under Management Console > Configuration tab > SSL > CA Certificates > CA Certificates tab > Import

4. ProxySG.cer must be imported into the ProxySG under Management Console > Configuration tab > SSL > CA Certificates > CA Certificates tab > Import

5. Root.cer must be imported into the web browser