Generate an Internal CA for Outbound Protection
This task discusses how you can optionally generate an internal certificate authority when you create a decryption rule that protects outbound connections. You can also perform these tasks using as discussed in Uploading a Signed Certificate Issued in Response to a CSR.
Before you begin
Make sure you understand the requirements for generating an internal certificate authority object as discussed in Internal Certificate Authority Objects.
Procedure
Step 1 | Log in to Security Cloud Control if you haven't already done so. |
Step 2 | Click and choose . |
Step 3 | Click Create Decryption Policy. |
Step 4 | Enter a name for the policy in the Name field and an optional description in the Description field. |
Step 5 | Click the Outbound Connections tab. |
Step 6 | From the Internal CA list, click . |
Step 7 | Give the internal CA a Name and provide a two-letter Country Name. |
Step 8 | Click Self-Signed or CSR. For more information about these options, see Internal Certificate Authority Objects. |
Step 9 | Enter the requested information in the provided fields. |
Step 10 | Click Save. |
Step 11 | If you chose CSR, after the signing request has been completed, click Install Certificate as follows: |
Step 12 | Continue creating the policy as discussed in Create a Decryption Policy with Inbound Connection Protection. |