SSL Inspection Advanced
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|276
SSL Inspection Advanced
To enable SSL web traffic inspection, you must first establish trust between the clients and the
gateway.
An important part of the HTTPS inspection support is the validation of the server's certificate.
This requires validating the signing CA of the server certificates.
On the SSL Inspection Advanced page, you can manage trusted certificate authorities. The
gateway has a built-in predefined list of trusted CAs, based on the Mozilla/LibCurl Trusted CA
list. Only a server certificate signed by one of those CAs is recognized as a valid certificate.
The table shows the list of trusted CAs.
Trusted CA types:
n
Default from the gateway - These CAs can be disabled but not deleted.
n
Added by user - These CAs can be deleted.
To add a CA manually to the trusted CA list:
1. Click Add.
The Add a Trusted CA window opens.
2. Click Browse to select a trusted CA file.
3. Optional - Click Preview to view the CA.
4. Click Apply
To delete a trusted CA:
1. Click the icon next to the CA.
2. Click Delete.
Note - You can only delete a CA that was added by a user.
To disable/enable a trusted CA:
1. Click the icon next to the CA.
2. Click Disable/Enable.
To Next Page
Loading...
