This KB provides simplified steps in setting up the ProxySG as an HTTPS / SSL Forward Proxy with an internal Intermediate Certificate Authority (CA).
For detailed instructions, please refer to Configure the ProxySG for SSL Interception and Authentication using an SSL certificate issued from a Microsoft PKI server
You have an internal Root Certificate Authority, an Intermediate Certificate Authority (CA), and a certificate with SSL signing capability on the ProxySG.
ProxySG.key : SSL Private Key for the ProxySG
ProxySG.cer : SSL Certificate for the ProxySG
Intermediate.cer : Certificate of your Intermediate CA that was used to sign the certificate for the ProxySG
Root.cer : Certificate of your internal Root CA
1. ProxySG.key must be imported into the ProxySG under Management Console > Configuration tab > SSL > Keyrings > Create button > Import
Note : This can also be created by the ProxySG itself. Under this circumstance, a Certificate Signing Request must be made and signed by your internal Intermediate CA.
2. ProxySG.cer must be imported as the Certificate for the keyring created in Step 1 under Management Console > Configuration tab > SSL > Keyrings > keyring_in_step_1 > Edit > Certificate section > Import
3. Intermediate.cer must be imported into the ProxySG under Management Console > Configuration tab > SSL > CA Certificates > CA Certificates tab > Import
4. ProxySG.cer must be imported into the ProxySG under Management Console > Configuration tab > SSL > CA Certificates > CA Certificates tab > Import
5. Root.cer must be imported into the web browser