Create a certificate for CA device that is signed by Internal root CA


Article ID: 171713


Updated On:


Content Analysis Software - CA


You wish to use a certificate that is signed by internal root Certificate Authority (CA) and not the self-signed certificate that can be generated on the Content Analysis (CA).

Un trusted certificate exception page presented by Firefox:


If you use the default self-signed certificate or even generate a new certificate you will get an error about the certificate not being trusted.

This can be fixed by adding this self-signed certificate to the trusted certificate store on the clients but its a much simple task to get the certificate signed by the internal root CA.


The CA device lacks the capability to create a private key and a Certificate Signing Request (CSR) that can be signed by other device. For this reason you have the create the two off the device using for example OpenSSL and export the certificate and the private key using P12 file. The Process to complete this is below:

#Create the private key
openssl openssl -out private.key 2048
#Create the CSR
openssl req -new -sha256 -key private.key -out MY.csr
#Take the CSR then and ask MVM to sign with root CA using web server template
#take the private key and the crt/cer and create P12 file- you will be asked to create a password on the export
openssl pkcs12 -export -inkey private.key -in CA.cer -out keystore.p12


Once you have the p12 file you can import it into CA device via the WebGUI > Settings > Web Management > Certificate Management >