topic WSA & Certificate Query in Web Security

WSA & Certificate Query

peng — Mon, 05 Jan 2015 14:37:46 GMT

I will be setting up four WSA for a guest environment and a enterprise environment.

For the guest environment what certificate do I upload to the WSA? A enterprise root certificate or wildcard certificate?

Any direction you can provide would be appreciated.

Thanks

What will you be using

Jernej Vodopivec — Mon, 05 Jan 2015 14:47:21 GMT

What will you be using certificate for? For https inspection?

If you'd like to inspect SSL traffic for guest users you'll need to manually deploy CA certificate to client computers (under Truster Root CAs) so I wouldn't recommend you to do https inspection for guests at all. If you won't deploy CA certificate to client computer they'll get invalid certificate warning when establishing secured session.

HTTPS inspection is usually done to inspect corporate traffic where you're able to deploy certificate through GPO for example.

Jernej, Yes this is for https

peng — Mon, 05 Jan 2015 14:59:53 GMT

Jernej,

Yes this is for https inspection for guest and will then eventually be used in the corporate environment.

In regards to the client receiving an invalid certificate if I don't deploy a CA certificate, would the same happen for a wildcard certificate.

Aim is to have the guest clients to go through the https inspection process, what is the best way of doing this or certificates I can use?

The wildcard certificate

Jernej Vodopivec — Mon, 05 Jan 2015 15:14:44 GMT

The wildcard certificate wouldn't solve the problem. You have to deploy WSA's certificate to clients in some way.

Do it manually - you can put instructions that guest users needs to deploy certificate to their computers (and put link to the certificate along with these instructions) on hotspot portal for wireless users?

Or automatically - through GPO for enterprise clients.