Import private keys and signing certificates for client protection

If you already have a certificate authority that is trusted by users’ web browsers, you can import its private key and signing certificate. The engine uses them when it signs the substitute certificates it creates.

Importing a private key and certificate removes the need to separately configure users’ web browsers to trust the engine’s signing certificate. You can also import a private key and signing certificate that you generated outside of the SMC even if you do not already have a certificate authority that is trusted by users’ web browsers. The certificate and the associated private key must be compatible with OpenSSL and be in PEM format. Make sure that the private key and certificate are accessible from the computer where you use the Management Client.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Administration.
  2. Select Certificates > Certificate Authorities > Client Protection Certificate Authorities.
  3. Right-click Client Protection Certificate Authorities, then select New Client Protection Certificate Authority.
  4. Click the Certificate tab.
  5. Next to the Private Key field, click Import, then browse to the private key.
  6. Next to the Certificate field, click Import, then browse to the certificate.
    If users’ web browsers are not already configured to trust the certificate authority whose signing certificate you imported here, add it to the list of certificate authorities that are trusted by users’ web browsers when you are finished configuring TLS inspection in the SMC.

Client Protection Certificate Authority Properties dialog box

Use this dialog box to configure the certificate authority (CA) for client protection.

Option Definition
General tab
Name The name of the element.
Subject Name The identifier of the certified entity.
Issuer The issuer of the certificate.
Public Key Algorithm The public key algorithm that was used to sign the certificate.
Key Length The length of the key in bits.
Serial Number The sequence number of the certificate. The number is issued by the CA.
Signature Algorithm The signature algorithm that was used to sign the certificate.
Signed by The CA that signed the certificate.
SubjectAltName The alternative subject name of the certified entity.
Valid From Shows the start date of certificate validity.
Valid To Shows the end date of certificate validity.
Fingerprint (SHA-1) Shows the certificate fingerprint using the SHA-1 algorithm.
Fingerprint (SHA-256) Shows the certificate fingerprint using the SHA-256 algorithm.
Fingerprint (SHA-512) Shows the certificate fingerprint using the SHA-512 algorithm.
Validity time Specifies the length of time that the certificate is valid.
Option Definition
Certificate tab
Generate Opens the Signing Certificate Details dialog box.
Import (Private Key) Opens a file browser to import a private key file.
Import (Certificate) Opens a file browser to import a certificate file.
Export Exports the certificate.