Hi, I'm trying to install the certificate for HTTPS Proxy on WSA.
The environment is not using a private CA, so there are no options for this.
I was going to use a third-party certificate like VeriSign, but they don't allow the 1024-bit CSR which the WSA is generating.
Then the only option I have is to upload a certificate and key.
I have a trusted certificate, but do not have the matching key. Is there any way I can get it?
Also, the certificate has to be a signing certificate. Does that mean the certificate is a root certificate or a trusted certificate?
Then how do I get the key for it?
The certificate required on the WSA for the HTTPS proxy is a root certificate.
Please see the previous discussion about the same topic.
Posted already in some other thread, but repeating here.
You could try the following steps (with openssl):
Generate the key:
openssl genrsa -des3 -out cakey.pem 2048
Generate the certificate (Valid for 10 Years):
openssl req -new -x509 -extensions v3_ca -key cakey.pem -out cacert.pem -days 3650
Remove the passphrase from the key:
openssl rsa -in cakey.pem -out cakey_nopass.pem
Later the certificate (cacert.pem) and key (cakey_nopass.pem) may be imported on the WSA.
Be aware of the performance impact caused by a 2048-bit certificate. It may influence it a lot.
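
Added example, not part of any post in this thread: a shell script that runs the openssl steps above unattended and then checks the two properties the thread turns on, namely that the certificate is a signing (CA) certificate and that the key matches it. The subject name, the config file, the function names, and generating the key without a passphrase (instead of stripping it afterwards) are assumptions made for the example.

```shell
#!/bin/sh
# Constructed demo: subject name, file names and function names are assumptions,
# not taken from the thread or from WSA documentation.

make_ca() {  # $1 = output directory; writes cakey_nopass.pem and cacert.pem
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo Proxy CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl genrsa -out "$1/cakey_nopass.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -config "$1/ca.cnf" -extensions v3_ca \
        -key "$1/cakey_nopass.pem" -out "$1/cacert.pem" -days 3650
}

# True only if the certificate carries basicConstraints CA:TRUE (it may sign others).
is_signing_cert() {  # $1 = certificate
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# True only if the public key inside the certificate equals the one derived from the key.
key_matches_cert() {  # $1 = certificate, $2 = unencrypted private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints a verdict and returns 0 only when the pair is usable as a signing pair.
check_pair() {  # $1 = certificate, $2 = key
    is_signing_cert "$1" || { echo "not a signing (CA) certificate"; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    echo "ok: CA certificate with matching key"
}

demo() {  # build a throwaway pair in a temp directory, check it, clean up
    d=$(mktemp -d) && make_ca "$d" && check_pair "$d/cacert.pem" "$d/cakey_nopass.pem"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

A certificate issued to a server by a public CA fails the first check, and any certificate whose private key was generated elsewhere fails the second.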
I assume the openssl commands are to create a self-signed certificate. In order not to show end users a certificate error, I have to deploy this certificate. There is no way to do it.
That's why I came up with getting it signed by public certificate authorities such as VeriSign, Comodo, and so on.
However, I figured the public certificate authorities do not sign as a root certificate.