https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539329#M4885 <P>Hi Marvin,</P><P>&nbsp;</P><P>Thanks for the reply, I've been on vacation for 10 days and just getting back to this now.</P><P>&nbsp;</P><P>You are correct, that's exactly what I am trying to do. &nbsp;I did find that document, but I am having a hard time getting the format correct for the import to work. &nbsp;Should I be creating a certificate within IIS, and then exporting it with the private key and importing it into PRSM?</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Mark</P> Mon, 07 Jul 2014 13:30:59 GMT mbaker33 2014-07-07T13:30:59Z https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539327#M4883 <P>Hello,</P><P>&nbsp;</P><P>I have an internal Windows CA that we would like to use for SSL/HTTPS decryption within PRSM. &nbsp;I have attempted to export/import all of the different methods I can think of, but I can't seem to get a combination that works with PRSM.</P><P>&nbsp;</P><P>Does anyone have any input, or an article that details the steps for doing so? &nbsp;I've used OpenSSL before for similar things, but for some reason it seems like PRSM is a bit more fussy.</P><P>&nbsp;</P><P>Thanks in advance.</P><P>&nbsp;</P><P>Mark</P> Tue, 24 Jun 2014 18:42:40 GMT https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539327#M4883 mbaker33 2014-06-24T18:42:40Z https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539328#M4884 <P>Do I understand the question is how to issue PRSM a certificate using your internal Windows CA (who is a trusted root CA for your users) so that it can apply a decryption policy for SSL traffic without the users having to accept / import and new certificates in to their trusted certificate store?</P><P>If so, are you following the process documented <A href="http://www.cisco.com/c/en/us/td/docs/security/asacx/9-2/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_2/prsm-ug-cx-decryption.html#task_66E4D3F836C449AAB149BF7FE479ABC1">here</A>?</P> Tue, 24 Jun 2014 22:13:25 GMT https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539328#M4884 Marvin Rhoads 2014-06-24T22:13:25Z https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539329#M4885 <P>Hi Marvin,</P><P>&nbsp;</P><P>Thanks for the reply, I've been on vacation for 10 days and just getting back to this now.</P><P>&nbsp;</P><P>You are correct, that's exactly what I am trying to do. &nbsp;I did find that document, but I am having a hard time getting the format correct for the import to work. &nbsp;Should I be creating a certificate within IIS, and then exporting it with the private key and importing it into PRSM?</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Mark</P> Mon, 07 Jul 2014 13:30:59 GMT https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539329#M4885 mbaker33 2014-07-07T13:30:59Z https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539330#M4886 <P>The thing that confuses me is this line:</P><P>&nbsp;</P><P>"If you request a new certificate from a CA, ensure that you request a certificate that is itself a Certificate Authority. In other words, you need to have a certificate that is enabled for issuing additional “child” certificates."</P><P>&nbsp;</P><P>I'm not sure how to do this, as I've never had to do so.</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>Mark</P> Mon, 07 Jul 2014 14:29:40 GMT https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539330#M4886 mbaker33 2014-07-07T14:29:40Z https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539331#M4887 <P>I believe, to put it in Microsoft's terms, that they want you to issue the CX a certificate using the "subordinate CA" template available on Microsoft's Active Directory Certificate Services' terminology (<A href="http://technet.microsoft.com/en-us/library/cc730826(v=ws.10).aspx">link to Technet reference</A>).</P> Tue, 08 Jul 2014 03:10:27 GMT https://community.cisco.com/t5/web-security/windows-internal-ca-and-prsm/m-p/2539331#M4887 Marvin Rhoads 2014-07-08T03:10:27Z