To create an SSL certificate on the ProxySG to be signed by an internal Certificate Authority, you must first configure a Certificate Signing Request keyring by performing the following steps:
- Go to Management Console > Configuration Tab > SSL > Keyrings
- Click the Create button
- Type a name in the Keyring Name field (ex: CA_Cert)
- Click OK (if you leave the default setting of "Do not Show Key Pair" you will not be able to copy this keyring to a new device if you should need to in the future)
- Click Apply (you will then receive a message stating that changes were committed)
- Click OK
- Select the newly created keyring from the list of Keyrings
- Click the Edit/View button
- Make sure that your new keyring is selected from the Keyring drop-down
- Click the Create button in the Certificate Signing Request section
- Enter all the information associated with your company in the Create Certificate dialog box (in the Common Name field enter the IP address of the ProxySG; in the Challenge field, you may type anything you want, ex: 123456)
- Click OK
- Click Close
- Click on Apply (you will then receive a message stating that changes were committed)
- Click OK
- Click Edit/View
- Copy the certificate from Certificate Signing Request section
- Send the certificate signing request to the internal Certificate Authority to have it signed
For steps on how to proceed once you have the the CSR signed by your internal CA, please go to
Configure the SSL proxy on the ProxySG for transparent interception and authentication using an SSL certificate issued from a Microsoft PKI server
How to set up Transparent SSL Forward Proxy with Authentication
How to set up Explicit SSL Forward Proxy with Authentication