Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
919
Views
10
Helpful
2
Replies

Use a chained SSL cert instead of root CA cert?

Ken Stieers
VIP
VIP

‎03-16-2011 05:23 PM

We have a PKI infrastructure in place, and I was wondering if I could use the cert and key from one of our issuing CA's which chains back to our root CA, instead of the root CA's cert to do HTTPS proxy?           

or more technically, will the WSA take an intermediate cert to use for HTTPS Proxy?

Ken

Labels:
0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎03-16-2011 08:57 PM

Answered my own question:  If all else fails, RTFM.  Pg 26-34 of the User Guide...

jowolfer
Level 1
Level 1
In response to Ken Stieers

‎03-17-2011 07:50 AM

The only thing to watch out for is that on some of the older versions, I don't recall specifically which - but it's pretty old, the WSA doesn't send the root (intermediate in this case) along with server cert, so it can cause trust issues in your clients that don't already have the intermediate in their trust store.

You should be fine on any 6.3.5+ / 7.0+ version.

0 Helpful
Customers Also Viewed These Support Documents