No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU
Knowledge Base

Wildcard certificate for SSL decryption

Publication Date:  2018-03-29  |   Views:  1012  |   Downloads:  0  |   Author:  c00403827  |   Document ID:  EKB1001446251

Contents
Issue Description Handling Process Solution

Issue Description

Customer bought a wildcard certificate *.xxx.it that was issued by a trusted CA. The certification chain was like this: Digicert Root CA -->Thawte---->wildcard certificate.

He wanted to use this certificate for SSL decryption, but it was not working.

Handling Process

Firstly we have checked the wildcard certificate.

 

We can clearly see that the wildcard certificate is not a CA certificate.

Looking in the documentation, we can see that the SSL decryption certificate must be a CA certificate that has pubic-private key pair, so it can reissue server certificates.

You can recognize a CA certificate, by looking at the certificate detail on the firewall:

  

 

Solution

Customer cannot use the wildcard certificate as SSL decryption certificate. He can use it for management purpose of the firewall, by replacing the build-in server certificate, with this wildcard certificate.

Feedback
Related resources
Documentation Software Download Bulletins Tools
Related searches
By Author
Help us to improve
Write an article
Enterprise APP

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.