cancel
Showing results for 
Search instead for 
Did you mean: 
puliyadim
Level 7

MWG 7 Root CA

Hello,

In our MWG deployment, we have enabled SSL scanning and we are using MWG root CA on the client machines. When a CERT is being generated, we have an option to select the validity period (say 10 yrs) and accordingly the CERT is being generated. However when this CERT is exported and used in client browser and when a SSL enabled website is being accessed, the CERT validity period shows1 yr. But the root CERT validity still shows 10 yrs. Pl refer to the attached images.

In this is the case, do need to regenerate the CERT every yr and push it to client machines? If anyone is aware of the CA process pl explain.

Rgds,

Dinesh

0 Kudos
1 Reply
McAfee Employee

Re: MWG 7 Root CA

Hello again

the process is:

A root CA is created

This root CA is empowered to create certificates for other servers

In case the CA is unknown to the browsers, these will prompt for certs issues by this CA. Whereas if the CA is known to the browsers a trust has been built and the broswers won't prompt for certs comming from server.

So if the CA is trusted, there is no need to reimport any server certs, even if they are regenerated.

For you case, just import the CA and you will be fine for the next 10 years.

thanks,

Michael

0 Kudos