This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection With Subordinate CA

I was researching the idea of using a subordinate CA in Web Protection for HTTPS decryption and scanning.  The idea behind this is that, instead of trying to deploy/re-deploy a new certificate for this to function, that I would use a subordinate CA created using the root CA that is already trusted on my network.  See the following links for details regarding other web appliances:

https://www.websense.com/content/support/library/web/v76/wcg_help/ssl_sub_ca.aspx

Here is a link from Godaddy regarding just for informational purposes:

https://www.godaddy.com/help/what-is-an-intermediate-certificate-868

In any event, I attempted this with generically named cert, a wildcard cert, and a cert with the fqdn of my utm.  Unsuccessful.  I still get certificate errors when browsing secure websites with SSL decrypt and scan enabled.  Is the SSL decryption and scanning engine so fundamentally different in its implementation that this does not work or is that, actually, a bug?


It would be nice to get this working since it means not having to deploy/re-import another certificate through the network.



This thread was automatically locked due to age.
Parents Reply Children
No Data