Upload an Internal CA for Outbound Protection

This task discusses how you can optionally upload an internal certificate authority when you create a decryption rule that protects outbound connections. You can also perform these tasks using Objects > Object Management as discussed in Uploading a Signed Certificate Issued in Response to a CSR.

Before you begin

Make sure you understand the requirements for generating an internal certificate authority object as discussed in Internal Certificate Authority Objects.

Procedure

Step 1

Log in to Security Cloud Control if you haven't already done so.

Step 2

Click Administration > Firewall Management Center and choose Policies > Access Control > Decryption.

Step 3

Click Create Decryption Policy.

Step 4

Enter a name for the policy in the Name field and an optional description in the Description field.

Step 5

Click the Outbound Connections tab.

Step 6

From the Internal CA list, click Create New > Upload CA.

Step 7

Give the internal CA a Name.

Step 8

Paste or browse to locate the certificate and its private key in the provided fields.

Step 9

If the CA has a password, select the Encrypted check box and enter the password in the adjacent field.

Step 10

Continue creating the policy as discussed in Create a Decryption Policy with Outbound Connection Protection.