Setting up HTTPS / SSL Forward Proxy with an Intermediate internal Certificate Authority

book

Article ID: 166903

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

This KB provides simplified steps in setting up the ProxySG as an HTTPS / SSL Forward Proxy with an internal Intermediate Certificate Authority (CA).

For detailed instructions, please refer to 000008716

Resolution

You have an internal Root Certificate Authority, an Intermediate Certificate Authority (CA), and a certificate with SSL signing capability on the ProxySG.

ProxySG.key : SSL Private Key for the ProxySG

ProxySG.cer : SSL Certificate for the ProxySG

Intermediate.cer : Certificate of your Intermediate CA that was used to sign the certificate for the ProxySG

Root.cer : Certificate of your internal Root CA

 

1. ProxySG.key must be imported into the ProxySG under Management Console > Configuration tab > SSL > Keyrings > Create button > Import

Note : This can also be created by the ProxySG itself. Under this circumstance, a Certificate Signing Request must be made and signed by your internal Intermediate CA.

2. ProxySG.cer must be imported as the Certificate for the keyring created in Step 1 under Management Console > Configuration tab > SSL > Keyrings > keyring_in_step_1 > Edit > Certificate section > Import

3. Intermediate.cer must be imported into the ProxySG under Management Console > Configuration tab > SSL > CA Certificates > CA Certificates tab > Import

4. ProxySG.cer must be imported into the ProxySG under Management Console > Configuration tab > SSL > CA Certificates > CA Certificates tab > Import

5. Root.cer must be imported into the web browser