Showing results for 
Search instead for 
Did you mean: 

how to setup certificate for HTTPS proxy on WSA

jiyoung Kim

Hi, I'm trying to install the certificate for HTTPS Proxy on WSA.


the environment is not using private CA so no options for this.


I was going to use third party certificate like verisign, but they don't allow to use 1024 bit CSR which WSA is generating.


then, I have only option to upload certificate and key.




I have trusted certificate, but do not have the matched key. is there anyway I can get it ?


also, the certificate has to be a signing certification, is that mean the certificate is root certificate or trusted certificate ??


then How do I get the key for it ?


Thank you.

3 Replies 3

Cisco Employee
Cisco Employee


The certificate required in the WSA for HTTPS proxy is root certificate.

Please see the previous discussion about the same topic





Artur Nowicki
Cisco Employee
Cisco Employee


Posted already in some other thread, but repeating here.

You could try the following steps (with openssl):


Generate the key:

openssl genrsa -des3 -out cakey.pem 2048

Generate the certificate (Valid for 10 Years):

openssl req -new -x509 -extensions v3_ca -key cakey.pem -out cacert.pem -days 3650

Remove the passphrase from the key:

openssl rsa -in cakey.pem -out cakey_nopass.pem

Later the certificate (cacert.pem) and key (cakey_nopass.pem) may be imported on the WSA.

Be aware about the performance impact caused by 2048bit certificate. It may influence it a lot.


I assume the openssl commands are to create self-signed certificate. in order not to show endusers certificate error, I have to deploy this certificate. there is no way to do it.

Thats why I came up with getting signed by public certificate authorities such as verisign, commodo, and so on.

However, I figured the public certificate authorities does not sign as root certificate.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: