This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>
Issue Description
Customer bought a wildcard certificate *.xxx.it that was issued by a trusted CA. The certification chain was like this: Digicert Root CA --> Thawte----> wildcard certificate.
He wanted to use this certificate for SSL decryption, but it was not working.
Handling Process
Firstly we have checked the wildcard certificate.
We can clearly see that the wildcard certificate is not a CA certificate.
Looking in the documentation, we can see that the SSL decryption certificate must be a CA certificate that has pubic-private key pair, so it can reissue server certificates.
You can recognize a CA certificate, by looking at the certificate detail on the firewall:
Solution
Customer cannot use the wildcard certificate as SSL decryption certificate. He can use it for management purpose of the firewall, by replacing the build-in server certificate, with this wildcard certificate.
END
Author : c00403827
Document ID: EKB1001446251
Fault Type :
Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.
