ProxySG & Advanced Secure Gateway

 View Only

  • 1.  External Certificate for Interception

    Posted Jul 19, 2018 09:15 PM

    Hi,

     

    We want to use our external certificate on proxy for SSL Interception , we dont to have CER or CSR certificate.

     

    ALso need to know the step of pushing External certificate on proxy.



  • 2.  RE: External Certificate for Interception

    Posted Jul 19, 2018 09:22 PM

    Hi,

    We want to use our external certificate on proxy for SSL Interception , we dont want to have CER or CSR certificate.

     

    How to identify our external certificate can be use for SSL Interception ?

    ALso need to know the step of pushing External certificate on proxy.



  • 3.  RE: External Certificate for Interception
    Best Answer

    Posted Jul 19, 2018 10:46 PM

    Hi Aboo,

     

                      Irrespective of the certificate source, it should have certificate signing power. i.e CA power. Well known CAs won't give you a cert with SubCA power due to security as well as Business reasons. This is the reason why it is required to create a cert locally either on proxy or on local CA server.

     

                      Also having this certificate trusted by browsers/applications is one requirement in SSL Interception. This is not just with ProxySG. Applies any device which uses local certs for SSL Interception.



  • 4.  RE: External Certificate for Interception

    Posted Jul 19, 2018 11:05 PM

    Dear Aravind,

     

    Suppose if i have one external certificate how can identify it has Sub CA power?

    Can you let me know where in proxy i need to put ?



  • 5.  RE: External Certificate for Interception
    Best Answer

    Posted Jul 20, 2018 12:17 AM

    Hi Aboo,

          Easy way would be to open the cert and check the KeyUsage or Basic Constraints field as in the screenshots below