SSL warning message pop up frequently when browsing to https website
In this case, the certificate used for the SSL Intercept will be imported to the client browser as Root Certificate Authority. In this example, we are going to generate a new keyring rather than using the “default” keyring.
1. Creating a new keyring
ProxySG Web Management Console > Configuration > SSL > Keyrings > Create > Provide an appropriate name, example “sslproxy” > Click on “show keypair” (enabling this would allow you to backup the certificate by allowing view to the keypair of the specific keyring) > OK
2. Creating a new certificate for the new keyring.
You should now be able to view the new keyring listed on the SSL keyring screen. Click on that new keyring, in this example “sslproxy” > Press edit/view > A new screen will pop up > On the “Certificate” portion > Click “Create” > A new screen will pop up > Vital Info required in generating this certificate
a. Country Code – internet code for the specific country, e.g: MY for Malaysia b. Common Name – IP address of the proxy which will be used for SSL intercept. c. Challenge – Challenge key for the Certificate, keep a record of this as it will be needed when restoring this certificate back in case a full system recovery is needed and you would like to retain the same certificate. d. Other info are not compulsory but good to fill in.
Press Ok after filling in all vital information > On main screen > Press Apply
Please take note that “State”, “Country”, “Organization”, “Unit” and “Common Name” must be same as DEFAULT keyring. Challenge (password) can be modified.
3. Optional steps, performing a backup of the certificate and keypair
Require SSH or serial console connection to the ProxySG. Keypair portion need to copy starting from -----BEGIN RSA till END RSA PRIVATE KEY-----, the certificate generated by the keypair can be either obtain through web management console or through CLI, bellow is an example on how to obtain it through CLI.
ProxySG> ProxySG>en Enable Password: ProxySG# ProxySG#conf t
Enter configuration commands, one per line. End with CTRL-Z.
In this example, this is done manually on a Internet Explorer and Firefox. Before proceeding with this, we may require the copy of the certificate saved from earlier steps.
a. Internet Explorer 6 Tools > Internet Options > Content > Certificates > Trusted Root Certificates Authorities > Import > Next > Filename > Point to the certificates files saved earlier > Change the file types to all on the windows explorer screen > Next > Next > Finish
b. Firefox Tools > Options > Encryption > View Certificates > Authorities > Import > Point to earlier saved certificates files > Checked on the first option which to “Trust this CA to identify web sites”.
Imported Document ID: 000011137
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.