When logging into the SSLV's WebUI an Untrusted Certificate warning is displayed in the browser.
This warning is displayed since the SSLV uses an internally generated self-signed certificate by default. There are two ways that the browser can be made to trust the SSLV's certificate.
The first option is to import the SSLV's self-signed certificate into the browsers list of trusted certificates. This option will prevent the warning message from being displayed on individual browsers.
The second option requires the use of an Internal Certificate Authority that is already trusted and loaded into the browsers certificate store. The Internal CA can be used to sign a certificate that was created for logging into the SSLV's WebUI. Assuming that the Internal CA's certificate has already been loaded into the browsers certificate store this option will prevent the warning message from being displayed on a larger scale. To create and import a trusted key & certificate used for logging into the SSL Visibility's WebUI please follow the steps below.
1. Generate a private key (or use an existing private key) with a tool such as openssl openssl genrsa -out privkey.pem 2048
2. Generate a Certificate Signing Request (CSR) using the private key and enter the requested information openssl req -new -key privkey.pem -out SSLV.csr
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:CA Locality Name (eg, city) :SVL Organization Name (eg, company) [Internet Widgits Pty Ltd]:BlueCoat Systems Organizational Unit Name (eg, section) : Common Name (e.g. server FQDN or YOUR name) :sslv.bluecoat.com Email Address :
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
3. Send the CSR to the internal team responsible for the internal CA server so that it can be signed. 000008716 provides the steps when using a Microsoft Certificate Authority server
4. Once signed export the signed certificate from the CA server in Base 64 format
5. From the SV web interface, import the private key (it must be unencrypted) and the signed certificate. Under most circumstances it works best if the "Paste Text" option is used
6. Once the certificate and key are successfully added to the SSLV reboot to apply the changes
Imported Document ID: 000008818
Subscribing will provide email updates when this Article is updated. Login is required.