Export Client Protection CA certificates

To make the users’ web browsers trust the engine’s signing certificate, you must add the Client Protection CA certificate to trusted certificates.

If the users’ web browsers are not configured to trust the engine’s signing certificate, users receive warnings about invalid certificates. If you generated the signing certificate for client protection in the SMC, you must export the certificate. You must also add it to the list of certificate authorities that are trusted by the users’ web browsers.

If you have integrated the SMC with McAfee ePO, you can also export a Client Protection CA certificate to the McAfee ePO server. The McAfee ePO server can then deploy the certificate on the Windows-based endpoints that it manages. For more information about the necessary configuration steps in the McAfee ePO user interface, see McAfee ePO product documentation.

These instructions assume that you already have the Client Protection Certificate Authority Properties dialog box open.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Administration.
  2. Select Certificates > Certificate Authorities > Client Protection Certificate Authorities.
  3. Open the Client Protection Certificate Authority Properties dialog box in one of the following ways:
    • Right-click Client Protection Certificate Authorities, then select New Client Protection Certificate Authority.
    • Right-click a Client Protection Certificate Authority element, then select Properties.
  4. Click the Certificate tab.
  5. Click the Export option for the Certificate field, then browse to the location where you want to save the file.
    When you are finished configuring TLS inspection in the SMC, add the exported certificate to the list of certificate authorities that are trusted by users’ web browsers.
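Before the exported file is distributed to browser trust stores, it can be checked against the Fingerprint values that the General tab of the dialog box displays. The following Python is an added example, not part of the product or its documentation; it assumes the export is a single certificate in PEM or DER form and that the displayed fingerprint is hexadecimal (colons, spaces and letter case are ignored). The function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Hex-digit length of each fingerprint type the General tab lists.
ALGORITHMS = {40: "sha1", 64: "sha256", 128: "sha512"}
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed stand-in for an exported file: DER-shaped bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + b"constructed"
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)

def der_bytes(data: bytes) -> bytes:
    """Return the DER encoding from exported data that is PEM or already DER."""
    blocks = PEM_BLOCK.findall(data)
    if len(blocks) > 1:
        raise ValueError("more than one certificate in file; expected a single CA")
    if blocks:
        return base64.b64decode(b"".join(blocks[0].split()), validate=True)
    if data[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("data is neither PEM nor DER")
    return data

def normalize(fingerprint: str) -> str:
    """Strip colons and whitespace, lowercase, and require a known hex length."""
    hex_digits = re.sub(r"[\s:]", "", fingerprint).lower()
    if len(hex_digits) not in ALGORITHMS or re.search(r"[^0-9a-f]", hex_digits):
        raise ValueError("not a SHA-1, SHA-256 or SHA-512 fingerprint")
    return hex_digits

def fingerprint_matches(exported: bytes, displayed: str) -> bool:
    """Hash the DER bytes with the algorithm implied by the displayed value."""
    expected = normalize(displayed)
    actual = hashlib.new(ALGORITHMS[len(expected)], der_bytes(exported)).hexdigest()
    return hmac.compare_digest(actual, expected)

def verify_file(path: str, displayed: str) -> bool:
    """Check an exported certificate file against a fingerprint from the dialog."""
    with open(path, "rb") as handle:
        return fingerprint_matches(handle.read(), displayed)
```

A mismatch means the file is not the certificate shown in the dialog box and should not be added to any trust store.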

Client Protection Certificate Authority Properties dialog box

Use this dialog box to configure the certificate authority (CA) for client protection.

General tab

| Option | Definition |
| --- | --- |
| Name | The name of the element. |
| Subject Name | The identifier of the certified entity. |
| Issuer | The issuer of the certificate. |
| Public Key Algorithm | The public key algorithm that was used to sign the certificate. |
| Key Length | The length of the key in bits. |
| Serial Number | The sequence number of the certificate. The number is issued by the CA. |
| Signature Algorithm | The signature algorithm that was used to sign the certificate. |
| Signed by | The CA that signed the certificate. |
| SubjectAltName | The alternative subject name of the certified entity. |
| Valid From | Shows the start date of certificate validity. |
| Valid To | Shows the end date of certificate validity. |
| Fingerprint (SHA-1) | Shows the certificate fingerprint using the SHA-1 algorithm. |
| Fingerprint (SHA-256) | Shows the certificate fingerprint using the SHA-256 algorithm. |
| Fingerprint (SHA-512) | Shows the certificate fingerprint using the SHA-512 algorithm. |
| Validity time | Specifies the length of time that the certificate is valid. |

Certificate tab

| Option | Definition |
| --- | --- |
| Generate | Opens the Signing Certificate Details dialog box. |
| Import (Private Key) | Opens a file browser to import a private key file. |
| Import (Certificate) | Opens a file browser to import a certificate file. |
| Export | Exports the certificate. |