
Wildcard certificate for SSL decryption

Publication Date:  2018-03-29  |   Views:  1012  |   Downloads:  0  |   Author:  c00403827  |   Document ID:  EKB1001446251


Issue Description

The customer bought a wildcard certificate * that was issued by a trusted CA. The certificate chain was: DigiCert Root CA --> Thawte --> wildcard certificate.

He wanted to use this certificate for SSL decryption, but it did not work.

Handling Process

First, we checked the wildcard certificate.


We can clearly see that the wildcard certificate is not a CA certificate.

According to the documentation, the SSL decryption certificate must be a CA certificate with a public-private key pair, so that it can be used to reissue server certificates.

You can recognize a CA certificate by looking at the certificate details on the firewall:




The customer cannot use the wildcard certificate as the SSL decryption certificate. He can use it for management of the firewall by replacing the built-in server certificate with this wildcard certificate.
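
The same two requirements (CA flag set, matching private key) can be checked with OpenSSL before a certificate is imported. This is an added example, not part of the original article; the function names, file names and the two self-signed certificates it generates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every certificate and key below is constructed test material.

# make_cert PREFIX CN BASIC_CONSTRAINTS -> writes PREFIX.pem and PREFIX.key
make_cert() {
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n[dn]\nCN=%s\n[ext]\nbasicConstraints=critical,%s\n' \
    "$2" "$3" > "$1.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# True only if the Basic Constraints extension marks the certificate as a CA.
is_ca_cert() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# True only if the private key file belongs to the certificate's public key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Both conditions from the article: CA certificate plus its own key pair.
usable_for_decryption() {
  is_ca_cert "$1" && key_matches_cert "$1" "$2"
}

# Constructed inputs: one CA certificate, one wildcard end-entity certificate.
work=$(mktemp -d)
make_cert "$work/ca"   "Constructed Decryption CA" "CA:TRUE"
make_cert "$work/wild" "*.example.test"            "CA:FALSE"

for name in ca wild; do
  if usable_for_decryption "$work/$name.pem" "$work/$name.key"; then
    echo "$name: CA certificate with matching key, usable for SSL decryption"
  elif key_matches_cert "$work/$name.pem" "$work/$name.key"; then
    echo "$name: key matches but CA flag is not set, server certificate only"
  else
    echo "$name: private key does not match the certificate"
  fi
done
```
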