WSA & Certificate Query

peng · ‎01-05-2015

I will be setting up four WSA for a guest environment and a enterprise environment.

For the guest environment what certificate do I upload to the WSA? A enterprise root certificate or wildcard certificate?

Any direction you can provide would be appreciated.

Thanks

Jernej Vodopivec · ‎01-05-2015

What will you be using certificate for? For https inspection?

If you'd like to inspect SSL traffic for guest users you'll need to manually deploy CA certificate to client computers (under Truster Root CAs) so I wouldn't recommend you to do https inspection for guests at all. If you won't deploy CA certificate to client computer they'll get invalid certificate warning when establishing secured session.

HTTPS inspection is usually done to inspect corporate traffic where you're able to deploy certificate through GPO for example.

peng · ‎01-05-2015

Jernej,

Yes this is for https inspection for guest and will then eventually be used in the corporate environment.

In regards to the client receiving an invalid certificate if I don't deploy a CA certificate, would the same happen for a wildcard certificate.

Aim is to have the guest clients to go through the https inspection process, what is the best way of doing this or certificates I can use?

Jernej Vodopivec · ‎01-05-2015

The wildcard certificate wouldn't solve the problem. You have to deploy WSA's certificate to clients in some way.

Do it manually - you can put instructions that guest users needs to deploy certificate to their computers (and put link to the certificate along with these instructions) on hotspot portal for wireless users?

Or automatically - through GPO for enterprise clients.