I assume you are doing this for the CA? See link below for converting the file to the correct formats.
Web Gateway: How to create and import a Microsoft Subordinate Certificate Authority (Sub CA) for MWG7 - https://kc.mcafee.com/corporate/index?page=content&id=KB75037
Yes I am doing this for the CA. My CA isn´t it for Microsoft, instead of IZENPE, but I think it is the same.
When I am importing into the MWG7 that there are in cluster, give me an error.
CORE: CHost: Engine ´com.scur.engine.proxy´ did not accept configuration with name ´SSL Navegacion HEzkUntz CA´(4 Nodes)
I think that I know what happend.
The problem is that I have a certifie for a CA intermediate, and when I am making the chain file I have an error.
Could be because I need run the CA, CA intermediate and certificate really??
I am not sure how to do that, but I´ll try it.
I don't quite understand the comment.
In general you need the certificate file in a file of its own. Then you need all of the links in the chain in it's own file.
As a troubleshooting step, I would advise importing just the ca cert and key (without the chain file), to see if it saves. This will help you know if it truley is the chain, or perhaps the key file that needs conversion.
Now I get. The problem is that I don´t have the root CA in the appliance.
When I put the root CA and middle CA I get import my pkcs12 as you said.
Thank you very much.
I can import a root certificate authority for signing the certificates the appliance sends to its clients
but When I activate the SSL Scanner, It is like I can not use my root CA instead of the default certificate authority.
I change in the set client context in the enable SSL client context with CA for my root CA. But when I am browsing https page I can see the message about certificate validation
If I disable the "certificate verification rule" everything works fine.
Any ideas how to resolve the issue??
It sounds like you have not imported the certificate and key in to the setting which is actually being used.
Or your browser just doesnt trust the CA you imported.
Disabling certificate verification just disables SSL scanning, so you are just masking the issue.