How do I utilize my Microsoft CA server with my SSL Visibility Appliance?


Article ID: 168559


Updated On:


SSL Visibility Appliance Software


To utilize a Microsoft AD server with the SSL Visibility appliance, take the following steps.
From the PKI menu on the SSL Visibility appliance, Generate a Certificate Signing Request (CSR), to be imported on to your MS CA server. If your MS CA server is a root CA, all clients in the domain should trust it.
Copy the contents of the CSR.

Generate CSR image

Next, go to the MS CA. This example uses a web-based GUI. Blue Coat recommends using Firefox over Chrome.

You must be an Administrator and must sign in to the domain with domain\user. If you do not sign in using domain\user, you will not see the Submit an advanced certificate request option on the second page of the certificate request process.

Choose Request a certificate.

Request certificate from AD CA server
Choose Advanced certificate request.

Advanced certificate request
Paste the copied CSR into the Saved Request text box.
Choose a Certificate Template of Subordinate Certification Authority, and click Submit.

Submit CR image
Choose the DER encoded radio button, then Download certificate.

DER encoded image
Now, on the SSL Visibility appliance, go to PKI, choose Local Resigning Certificate Authorities, and click Install Certificate.

PKI screen on SSLv
When the window opens, choose the certificate file you downloaded from the MS CA server, and click Add.
Next, click Apply on the SSL Visibility appliance.

Install on SSLv
Apply the resigning CA in your policy via your Ruleset and Decrypt rule.

Edit Rule image
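
Before the Install Certificate step, the file downloaded from the MS CA can be checked against the CSR. The script below is an added example, not part of the original article or of Blue Coat's tooling: it assumes the openssl command-line tool is available on the administrator's workstation, and confirms that the DER certificate carries the CSR's public key and is a CA certificate (which is what the Subordinate Certification Authority template should produce). The file names and the throwaway root CA built by make_samples are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: checks on the DER certificate downloaded from the MS CA,
# run before installing it as a Local Resigning Certificate Authority.

# check_resign_cert CSR_PEM CERT_DER: prints "ok" or the reason for rejection.
check_resign_cert() {
    # The certificate must carry the public key from the appliance's CSR.
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || csr_key=
    crt_key=$(openssl x509 -inform DER -in "$2" -noout -pubkey 2>/dev/null) || crt_key=
    if [ -z "$csr_key" ] || [ "$csr_key" != "$crt_key" ]; then
        echo "public key does not match the CSR"; return 1
    fi
    # A resigning CA must be a CA certificate; a leaf template yields CA:FALSE
    # or no Basic Constraints extension at all.
    if ! openssl x509 -inform DER -in "$2" -noout -text | grep -q 'CA:TRUE'; then
        echo "not a CA certificate (Basic Constraints CA:TRUE missing)"; return 1
    fi
    echo "ok"
}

# make_samples DIR: constructed stand-ins (all names made up). A throwaway root
# plays the MS CA; sslv.csr plays the appliance's CSR.
make_samples() {
    sd=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$sd/root.key" \
        -out "$sd/root.pem" -subj "/CN=Example Root CA" -days 1 2>/dev/null
    for name in sslv other; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$sd/$name.key" \
            -out "$sd/$name.csr" -subj "/CN=Example $name" 2>/dev/null
    done
    echo "basicConstraints=critical,CA:TRUE" > "$sd/subca.ext"
    echo "basicConstraints=CA:FALSE" > "$sd/leaf.ext"
    for tmpl in subca leaf; do   # same CSR signed with a CA and a leaf profile
        openssl x509 -req -in "$sd/sslv.csr" -CA "$sd/root.pem" \
            -CAkey "$sd/root.key" -set_serial 1 -days 1 \
            -extfile "$sd/$tmpl.ext" -outform DER -out "$sd/$tmpl.der" 2>/dev/null
    done
}

# With two arguments, check real files; otherwise run on the constructed samples.
if [ $# -eq 2 ]; then
    check_resign_cert "$1" "$2"
else
    demo=$(mktemp -d) && make_samples "$demo"
    check_resign_cert "$demo/sslv.csr" "$demo/subca.der" || true
    check_resign_cert "$demo/sslv.csr" "$demo/leaf.der" || true
    check_resign_cert "$demo/other.csr" "$demo/subca.der" || true
    rm -rf "$demo"
fi
```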