I have a quick question around the SSL certificate for 2x S170 devices I am installing.
Can I purchase 1 certificate and use it on both devices, or are 2 separate certificates required?
Both of the Proxy servers go through a firewall and are not NAT'd.
Are there any specifics required for the certificate?
Technically, you can use the same cert on both WSAs.
Whether you can use the same cert on multiple machines is more a function of the license from the cert provider... some state that you have to purchase the right to use it in more than one place...
It has to be a signing cert, as what the WSA is doing is issuing a new cert that "mimics" the one on the webserver your user is accessing.
Do not purchase any certificates as you will likely receive a Server Certificate (not a Root Certificate).
If a trusted CA were to provide you with a Root signed by Verisign for example, you can in turn compete with their business and start signing/selling Server Certificates. There is no way that they can control what you would sign. You can start signing fraudulent certificates and there is nothing that they can do to stop you other than revoking it, which browsers do not check by default.
I have yet to see anybody get a Root signed by a trusted CA. If anybody has obtained one, please do let me know.
The only known ways to obtain a Root for the HTTPS proxy is to either:
a) generate one
b) extract it/generate it from an internal trusted CA.
The trick was to create a sub-CA from our internal Cert Server.
Couldn't find any specific documentation on doing this on a WSA. There is however documentation online for competitors.
We currently use self-signed as we do not have an in-house CA. I followed the guide here:
Can you folks please help me? I have one S170 and I would like to enable the HTTPS Proxy, and I'm having trouble uploading the certificate to the appliance.
Till now what I've done is Enable HTTPS Proxy ---> Use Generated Certificate and Key ---> Download Certificate Signing Request,
then opened my root authority server web page ---> request a new certificate ---> paste the content of the S170 generated file,
and I received the certificate. I tried to upload the certificate to the proxy and one error is generated.
Hope someone can help me.
I've just posted about this exact thing in a different thread:
Hope that helps you.
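
Added example, not part of the thread: a shell check using the `openssl` CLI that tells a signing (CA) certificate, such as the sub-CA mentioned above, apart from an ordinary server certificate before it is uploaded to an HTTPS proxy. The throwaway root, sub-CA and server certificates, their subject names, and the function names are all constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example; every subject name and file name here is constructed.

# is_signing_cert FILE: succeeds only if the cert is a CA that may sign other certs.
is_signing_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | grep -q 'CA:TRUE' || return 1
    # If a Key Usage extension is present, it must allow certificate signing.
    if printf '%s\n' "$text" | grep -q 'X509v3 Key Usage'; then
        printf '%s\n' "$text" | grep -q 'Certificate Sign' || return 1
    fi
}

# build_demo_certs DIR: throwaway root, plus a sub-CA and a server cert issued by it.
build_demo_certs() {
    d=$1
    cat > "$d/ext.cnf" <<'EOF'
[subca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # Self-signed root standing in for an in-house CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Internal Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    for kind in subca server; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$kind" \
            -keyout "$d/$kind.key" -out "$d/$kind.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$kind.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
            -CAcreateserial -days 30 -extfile "$d/ext.cnf" -extensions "$kind" \
            -out "$d/$kind.pem" 2>/dev/null || return 1
    done
}

# Demonstration: classify both issued certificates.
demo=$(mktemp -d) && build_demo_certs "$demo" && for c in subca server; do
    if is_signing_cert "$demo/$c.pem"; then echo "$c.pem: CA certificate, can sign"
    else echo "$c.pem: end-entity certificate, cannot sign"; fi
done
rm -rf "$demo"
```

A certificate issued from a web-server profile reports `CA:FALSE` and fails this check, which is the distinction the replies above draw between a server certificate and a signing certificate.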