topic Re: using WSA generated CSR to get sign via Public CA (GoDaddy) for HTTPS Decryption ? in Web Security

using WSA generated CSR to get sign via Public CA (GoDaddy) for HTTPS Decryption ?

hashimwajid1 — Thu, 30 May 2019 23:59:48 GMT

Hi Team,

can we use WSA own self generated CSR to get sign via Public CA (GoDaddy) and use it for all Users/Contractors/Mobile devices ?

we dont have any Internal CA and want decryption for all Users Domain/Guest

Thanks

Re: using WSA generated CSR to get sign via Public CA (GoDaddy) for HTTPS Decryption ?

Rob Ingram — Fri, 31 May 2019 06:27:29 GMT

Hi,
No, that is not possible. When doing HTTPS/SSL Decryption, the certificate used must be a "Subordinate CA" type certificate. This certificate isn't your typical certificate and a public CA like GoDaddy isn't going to issue one.

HTH

Re: using WSA generated CSR to get sign via Public CA (GoDaddy) for HTTPS Decryption ?

hashimwajid1 — Sat, 01 Jun 2019 10:27:47 GMT

Hi RJI,

thanks for the comments

then how can we achieve Decryption for Guest/Contractor without getting any certificate error. we want all Guest/Contractor traffic via Proxy only.

Thanks

Re: using WSA generated CSR to get sign via Public CA (GoDaddy) for HTTPS Decryption ?

Ken Stieers — Sat, 01 Jun 2019 13:01:36 GMT

You have to make the cert available for them to install or not decrypt their traffic.