Use a chained SSL cert instead of root CA cert?
03-16-2011 05:23 PM
We have a PKI infrastructure in place, and I was wondering if I could use the cert and key from one of our issuing CAs, which chains back to our root CA, instead of the root CA's cert to do HTTPS proxy?
Or, more technically, will the WSA take an intermediate cert to use for HTTPS Proxy?
Ken
03-16-2011 08:57 PM
Answered my own question: If all else fails, RTFM. Pg 26-34 of the User Guide...
03-17-2011 07:50 AM
The only thing to watch out for is that on some of the older versions (I don't recall specifically which, but it's pretty old), the WSA doesn't send the root (intermediate in this case) along with the server cert, so it can cause trust issues in your clients that don't already have the intermediate in their trust store.
You should be fine on any 6.3.5+ / 7.0+ version.
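Added example, not part of the thread or of Cisco's documentation: a check for the missing-intermediate condition described in the last reply, run over the "Certificate chain" section that `openssl s_client` prints when a client connects through the proxy. The sample outputs and all certificate names are constructed, and matching issuers by name is a simplification of real path validation.

```python
import re

ENTRY = re.compile(r"^\s*\d+\s+s:(.+)$")   # " 0 s:<subject>"
ISSUER = re.compile(r"^\s+i:(.+)$")        # "   i:<issuer>"

def parse_chain(s_client_output):
    """Return [(subject, issuer), ...] for the certificates the server sent."""
    chain, in_section = [], False
    for line in s_client_output.splitlines():
        if line.strip() == "Certificate chain":
            in_section = True
        elif in_section and line.strip() == "---":
            break  # end of the chain section (PEM "-----BEGIN" lines do not match)
        elif in_section:
            m = ENTRY.match(line)
            if m:
                chain.append([m.group(1).strip(), None])
            elif chain and (m := ISSUER.match(line)):
                chain[-1][1] = m.group(1).strip()
    return [tuple(c) for c in chain]

def untrusted_issuers(chain, trust_store):
    """Issuers that are neither sent in the chain nor present in the client's
    trust store. Name matching only; real validation also checks signatures."""
    sent = {subject for subject, _ in chain}
    return [iss for _, iss in chain if iss not in sent and iss not in trust_store]

# Constructed sample: proxy sends only the generated server cert.
LEAF_ONLY = """CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.example.com
   i:CN = Example Issuing CA
---
"""
# Constructed sample: proxy also sends the issuing (intermediate) CA cert.
WITH_INTERMEDIATE = """CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.example.com
   i:CN = Example Issuing CA
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
---
"""
CLIENT_TRUST = {"CN = Example Root CA"}  # client trusts only the root

if __name__ == "__main__":
    for name, out in (("leaf only", LEAF_ONLY), ("with intermediate", WITH_INTERMEDIATE)):
        print(name, "->", untrusted_issuers(parse_chain(out), CLIENT_TRUST) or "chain OK")
```
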
