cancel
Showing results for 
Search instead for 
Did you mean: 
fredgt3
Level 7

Global Certificate List import

Hello,

We would like to import Global Certificate List from 6.9 version to 7.2 version by using List converter tool.

Is it possible to do that ? We don't see the certificate for https website.

Do you have a procedure to import the list ?

Thanks for your help !

0 Kudos
4 Replies
eelsasser
Level 15

Re: Global Certificate List import

The trusted CAs are exported using the listConverter under the HTTPSProxy.TrustedCAS:

Capture.jpg

and they are imported into a Certificate Authority list on version 7:

Capture2.jpg

0 Kudos
fredgt3
Level 7

Re: Global Certificate List import

Hello,


Thanks for your response but I want to import Global Certificate List not the Trusted CA.

Is it possible ?

Thanks

1.png

0 Kudos
fredgt3
Level 7

Re: Global Certificate List import

Nobody ?

0 Kudos
eelsasser
Level 15

Re: Global Certificate List import

I think I answered this offline via your SE, but for the benefit of everyone else...

The actual certificates in the Global Certificate list do not get stored on MWG 6.x directly. Only the SHA1 thumbprints get stored.

Capture.png

So in order to do something similar, you could create rules that use the hash instead.

Rule Criteria:

SSL.Server.Certificate.SHA1Digest is in list Certificate Hash Whitelist

Capture2.png

and paste the hashes into the appropriate string list.

Capture3.png

You should have the functional equivalent of MWG6 using the SHA1 hashes instead of the entire certificate.