Creating a certificate signing request for a custom intermediate certificate authority
Last Modified: 2023-12-13 11:14:57 Etc/GMT
Technical Articles ID: KB94034
Environment
Skyhigh Web Gateway (SWG) 10.x, 8.x, 7.8.x
Summary
This article describes how to create a certificate signing request (CSR) for a custom intermediate certificate authority (for HTTPS Inspection) or server certificate.
With SWG, there are typically two types of SSL certificates that are needed and that you might want to have officially signed:
- Custom intermediate certificate authority (CA): You might want to use a custom intermediate certificate authority for HTTPS inspection instead of the default self-signed one that's shipped with the product. When using HTTPS inspection, SWG acts as a man-in-the-middle for the HTTPS connection and replaces the certificate provided to the user. The CA then signs the replacement certificate.
- Server certificate: The server certificate can be used to secure access to SWG, for example, when accessing the user interface, intercepting a connection in a reverse proxy environment, or securing the connection to the ICAP server.
NOTE: To use the certificate, the third-party CA must sign the CSR. The private key and CSR created below aren't sufficient on their own.
IMPORTANT:
Solution
To configure a custom intermediate CA or server certificate, you need the private key and the certificate. The following steps create the private key and CSR. The CSR is sent to the signing CA. After it's signed, the signing CA sends the certificate.
The following steps can be followed on every device running a recent version of the OpenSSL toolkit. We recommend connecting to a system running SWG via SSH or command line, and running the steps. The example steps outlined below were performed on such a device. These steps might differ on other devices.
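An illustration of the key and CSR creation described above, with the checks worth running before the CSR goes to the signing CA. This is an added example and not the article's own steps; the file names, subject values, key size and requested extensions (CA:TRUE, pathlen:0) are assumptions, and the signing CA decides which extensions the issued certificate actually carries.

```shell
#!/bin/sh
# Added example, not the vendor's procedure. File names, subject values,
# key size and the requested extensions are assumptions for illustration.

# make_ca_csr DIR COMMON_NAME [BITS] -> writes DIR/ca.key and DIR/ca.csr
make_ca_csr() (
    dir=$1; cn=$2; bits=${3:-3072}
    umask 077   # key and CSR files readable by the owner only (subshell-local)
    cat > "$dir/csr.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_ca_req
[dn]
CN = $cn
O = Example Corp
[v3_ca_req]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
EOF
    openssl genrsa -out "$dir/ca.key" "$bits" 2>/dev/null || exit 1
    openssl req -new -sha256 -key "$dir/ca.key" \
        -config "$dir/csr.cnf" -out "$dir/ca.csr" || exit 1
)

# check_ca_csr DIR -> 0 if the CSR is fit to send to the signing CA
check_ca_csr() {
    dir=$1
    # 1: self-signature must verify (the message text differs between
    #    OpenSSL versions, but both contain "verify OK")
    openssl req -in "$dir/ca.csr" -noout -verify 2>&1 |
        grep -q 'verify OK' || return 1
    # 2: the request must ask for CA:TRUE so the signing CA sees that an
    #    intermediate CA certificate, not a server certificate, is wanted
    openssl req -in "$dir/ca.csr" -noout -text |
        grep -q 'CA:TRUE' || return 2
    # 3: the CSR's public key must belong to the private key kept locally
    csr_pub=$(openssl req -in "$dir/ca.csr" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/ca.key" -pubout | openssl sha256)
    [ "$csr_pub" = "$key_pub" ] || return 3
    return 0
}
```

Only `ca.csr` is sent to the signing CA; `ca.key` stays on the system where it was generated.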