Create Client Protection Certificate Authority elements

Client Protection Certificate Authority elements contain the credentials the engine uses to sign the certificate it generates.

If you want to inspect TLS traffic between a client in the internal network and an external server, you must create a Client Protection Certificate Authority element.

You must configure users’ browsers to trust certificates signed using the credentials in the Client Protection Certificate Authority element to avoid excessive warnings or error messages about invalid certificates.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Administration.
  2. Browse to Certificates > Certificate Authorities > Client Protection Certificate Authorities.
  3. Right-click Client Protection Certificate Authorities, then select New Client Protection Certificate Authority.
  4. Enter a unique Name.
  5. (Optional) Enter the Validity time (in minutes) for the substitute certificates the engine creates.
    Each substitute certificate expires at the end of the validity time, and the engine automatically generates a new certificate. This process might produce warnings or error messages in the users’ web browsers. To avoid excessive warnings, define a sufficiently long validity time, for example, several hours.
    Note: All fields except the Name and Validity time on the General tab are grayed out. The grayed-out fields are always filled in automatically from the certificate you generate or import, and you cannot change them.
  6. On the Certificate tab, import an existing private key and certificate or generate a new private key and signing certificate.
  7. Click OK.
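As an added example (not part of the product documentation), the following POSIX shell script produces a private key and self-signed signing certificate suitable for importing on the Certificate tab in step 6, and checks before import that the certificate really is a CA that can sign substitute certificates and that the key belongs to it. The file names, subject and certificate lifetime are assumptions; openssl 1.1.1 or later is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumes openssl 1.1.1+ (for -addext). File names and subject are arbitrary.
set -eu

# Generate an RSA key and a self-signed certificate carrying CA:TRUE and
# keyCertSign. Without these extensions the element cannot act as a signing
# CA for the substitute certificates the engine creates.
# "$4" is the lifetime of the CA certificate itself in days; it is unrelated
# to the Validity time (minutes) of the substitute certificates.
make_client_protection_ca() {
    key="$1"; cert="$2"; subject="$3"; days="$4"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -keyout "$key" -out "$cert" -days "$days" \
        -subj "$subject" \
        -addext "basicConstraints=critical,CA:TRUE" \
        -addext "keyUsage=critical,keyCertSign,cRLSign" >/dev/null 2>&1
}

# Pre-import check: succeeds only if the certificate is a CA whose key usage
# permits certificate signing. Importing a plain server (leaf) certificate
# here would leave the engine unable to issue certificates browsers accept.
is_signing_ca() {
    text=$(openssl x509 -in "$1" -noout -text)
    echo "$text" | grep -q "CA:TRUE" &&
    echo "$text" | grep -q "Certificate Sign"
}

# Check that the private key file matches the certificate before importing
# both; compares the SubjectPublicKeyInfo derived from each file.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Print the SHA-256 fingerprint (colon-separated hex) so the value shown
# on the General tab after import can be compared with the generated file.
fingerprint_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}
```

Distribute only the certificate file to users' browsers as a trusted root; the private key stays on the engine.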

Client Protection Certificate Authority Properties dialog box

Use this dialog box to configure the certificate authority (CA) for client protection.

General tab

Option | Definition
Name | The name of the element.
Subject Name | The identifier of the certified entity.
Issuer | The issuer of the certificate.
Public Key Algorithm | The public key algorithm that was used to sign the certificate.
Key Length | The length of the key in bits.
Serial Number | The sequence number of the certificate. The number is issued by the CA.
Signature Algorithm | The signature algorithm that was used to sign the certificate.
Signed by | The CA that signed the certificate.
SubjectAltName | The alternative subject name of the certified entity.
Valid From | Shows the start date of certificate validity.
Valid To | Shows the end date of certificate validity.
Fingerprint (SHA-1) | Shows the certificate fingerprint using the SHA-1 algorithm.
Fingerprint (SHA-256) | Shows the certificate fingerprint using the SHA-256 algorithm.
Fingerprint (SHA-512) | Shows the certificate fingerprint using the SHA-512 algorithm.
Validity time | Specifies the length of time that the certificate is valid.

Certificate tab

Option | Definition
Generate | Opens the Signing Certificate Details dialog box.
Import (Private Key) | Opens a file browser to import a private key file.
Import (Certificate) | Opens a file browser to import a certificate file.
Export | Exports the certificate.