Sites that use ECC (Elliptic Curve Cryptography) or RSA based SSL / TLS may fail to decrypt on the SSL Visibility device. These connections may appear to be cut through even though there is no cut-through rule.
The SSL Visibility device needs two resigning certificates to be able to intercept and decrypt all ciphers: one for RSA, and another for Elliptic Curve ciphers. If either of these is missing, it will need to be created and added.
In this example, we are creating a missing ECC key for resigning.
Step 1 - Create a new signing cert for Elliptic Curve resigning:
In the SSL Visibility Management Console > PKI > Resigning Certificate Authorities
Click on the Red Seal to create a new certificate.
Make sure Key type is set to EC.
Fill out the certificate.
If needed, have the certificate signed by your internal Root CA signing authority and import the signed certificate.
Step 2 - Set this new Elliptic Curve cert for use:
Under Policies > Rulesets, find the ruleset section.
Click the pencil icon to edit, and set Default EC Internal Cert Authority to the certificate that was created in Step 1.
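To gauge how many undecrypted sessions are explained by a missing resigning CA, the following added example (not part of the original article or the product) classifies negotiated cipher suite names by the server certificate key type they imply. It assumes the resigning CA is chosen by that key type; the session list is constructed sample data and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of (server, negotiated cipher suite) pairs; not real appliance output.
SAMPLE_SESSIONS = [
    ("a.example", "ECDHE-ECDSA-AES128-GCM-SHA256"),
    ("b.example", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
    ("c.example", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("d.example", "AES128-SHA"),
    ("e.example", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"),
    ("f.example", "TLS_AES_128_GCM_SHA256"),
    ("g.example", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"),
]

# OpenSSL-style names that start directly with the bulk cipher use RSA key exchange.
LEGACY_RSA = re.compile(r"^(AES|CAMELLIA|ARIA|SEED|IDEA|RC4|DES|NULL)")

def server_key_type(suite):
    """Key type of the server certificate implied by a TLS <= 1.2 suite name."""
    name = suite.upper().replace("-", "_")
    tokens = name.split("_")
    if name.startswith("TLS_") and "_WITH_" not in name:
        return "UNKNOWN"  # TLS 1.3 suite names carry no authentication algorithm
    if "ANON" in tokens:
        return "UNKNOWN"  # anonymous suites present no certificate
    if "ECDSA" in tokens or "ECDH" in tokens:
        return "EC"       # static ECDH certificates hold an EC key, whoever signed them
    if "RSA" in tokens:
        return "RSA"
    if LEGACY_RSA.match(name):
        return "RSA"
    return "UNKNOWN"      # DSS, PSK, SRP and similar: neither resigning CA applies

def missing_resigning_cas(sessions, configured):
    """Count sessions per key type for which no resigning CA is configured."""
    needed = Counter(server_key_type(suite) for _, suite in sessions)
    return {k: n for k, n in needed.items() if k != "UNKNOWN" and k not in configured}

if __name__ == "__main__":
    # Assumption for the demo: only an RSA resigning CA exists on the device.
    print(missing_resigning_cas(SAMPLE_SESSIONS, configured={"RSA"}))
```

Sessions reported as UNKNOWN (TLS 1.3 and non-certificate suites) need the server certificate itself inspected to determine the key type.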
Imported Document ID: 000032069