ozz
Level 7

SSL Scanner- Set client context (Certificate)


I've a problem with the untrusted certificate that is issued by MWG... that is, I have to import it on each end-point browser as a trusted CA!!
I tried to use a trusted certificate (from Verisign, Go Daddy) and to import it on the appliance (POLICY-SSL Scanner-handle connect call-set client context-event-default CA-import), and even though it's trusted, the problem in the browser remained (the certificate path is not correct)...

Actually, it is not logical to add the certificate on each end-point, even if doing that by domain (I've laptops and portal devices)!!

Any suggestions, PLEASE!!

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: SSL Scanner- Set client context (Certificate)


Yes. If you do any type of SSL scanning, you must install a CA certificate on each workstation to avoid certificate warnings.

If there is already an internal CA that you have where the root certificate is already installed on the client, then you can have that same root CA create a subordinate CA that can be put on MWG.

You cannot use a public certificate from a public CA to do this.

There is no way around this. All SSL interception products from all vendors work the same way. This is how SSL works.

4 Replies
eelsasser
Level 15

Re: SSL Scanner- Set client context (Certificate)

0 Kudos
ozz
Level 7

Re: SSL Scanner- Set client context (Certificate)


Hello eelsasser,

I've read these articles, but I'm still confused!!

Do I have to install the certificate on each end-point?!!

0 Kudos
eelsasser
Level 15

Re: SSL Scanner- Set client context (Certificate)


Yes. If you do any type of SSL scanning, you must install a CA certificate on each workstation to avoid certificate warnings.

If there is already an internal CA that you have where the root certificate is already installed on the client, then you can have that same root CA create a subordinate CA that can be put on MWG.

You cannot use a public certificate from a public CA to do this.

There is no way around this. All SSL interception products from all vendors work the same way. This is how SSL works.
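
The chain-validation reason behind the answer above, as an added example that is not part of the original thread or of MWG: a client that trusts only the root accepts a site certificate re-signed by a subordinate CA, and rejects one re-signed with an ordinary server certificate, which is the kind of certificate a public CA issues. It assumes the `openssl` command-line tool is installed; all certificate names are constructed.

```sh
#!/bin/sh
# Added illustration. All names (Demo Internal Root, Demo Proxy Sub CA,
# Demo Server Cert, www.example.test) are constructed, not taken from MWG.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
cat > "$work/ext.cnf" <<'EOF'
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

# issue NAME CN SECTION [ISSUER]: new key and CSR, signed by ISSUER
# (self-signed when ISSUER is omitted) with the extensions in SECTION.
issue() {
  name=$1 cn=$2 section=$3 issuer=${4:-}
  openssl req -new -newkey rsa:2048 -nodes -keyout "$work/$name.key" \
    -out "$work/$name.csr" -subj "/CN=$cn" 2>/dev/null || return 1
  if [ -n "$issuer" ]; then
    signer="-CA $work/$issuer.crt -CAkey $work/$issuer.key -CAcreateserial"
  else
    signer="-signkey $work/$name.key"
  fi
  # $signer is left unquoted on purpose so it splits into separate arguments.
  openssl x509 -req -in "$work/$name.csr" $signer -days 30 \
    -extfile "$work/ext.cnf" -extensions "$section" \
    -out "$work/$name.crt" 2>/dev/null
}

issue root   "Demo Internal Root" ca            # already trusted by the clients
issue subca  "Demo Proxy Sub CA"  ca   root     # what gets imported on the proxy
issue site_a "www.example.test"   leaf subca    # proxy's re-signed site cert
issue srv    "Demo Server Cert"   leaf root     # ordinary server certificate
issue site_b "www.example.test"   leaf srv      # re-signed with that server cert

# Each check trusts only the root, as a client would.
verify_with_sub_ca() {
  openssl verify -CAfile "$work/root.crt" -untrusted "$work/subca.crt" \
    "$work/site_a.crt" >/dev/null 2>&1
}
verify_with_server_cert() {
  openssl verify -CAfile "$work/root.crt" -untrusted "$work/srv.crt" \
    "$work/site_b.crt" >/dev/null 2>&1
}

verify_with_sub_ca && echo "signed by subordinate CA: chain accepted"
verify_with_server_cert || echo "signed by server certificate: chain rejected"
```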

ozz
Level 7

Re: SSL Scanner- Set client context (Certificate)


Thank you eelsasser... you were so patient with me

It's now clear!

0 Kudos