Generate an Internal CA for Outbound Protection

This task discusses how you can optionally generate an internal certificate authority when you create a decryption rule that protects outbound connections. You can also perform these tasks using Objects > Object Management as discussed in Uploading a Signed Certificate Issued in Response to a CSR.

Before you begin

Make sure you understand the requirements for generating an internal certificate authority object as discussed in Internal Certificate Authority Objects.

Procedure

Step 1

Log in to Security Cloud Control if you haven't already done so.

Step 2

Click Administration > Integrations > Firewall Management Center and choose Policies > Access Control > Decryption.

Step 3

Click Create Decryption Policy (Rule-Based).

Step 4

Enter a name for the policy in the Name field and an optional description in the Description field.

Step 5

Click the Outbound Connections tab.

Step 6

From the Internal CA list, click Create New > Generate CA.

Step 7

Give the internal CA a Name and provide a two-letter Country Name.

Step 8

Click Self-Signed or CSR.

For more information about these options, see Internal Certificate Authority Objects.

Step 9

Enter the requested information in the provided fields.

Step 10

Click Save.

Step 11

If you chose CSR, after the signing request has been completed, click Install Certificate as follows:

  1. Repeat the preceding steps in this procedure.

  2. Edit the CA from the Internal CA list as follows.

    To install an internal CA from a certificate signing request, click Edit next to the name of the internal CA

  3. Click Install Certificate.

  4. Follow the prompts on your screen to complete the task.

Step 12

Continue creating the policy as discussed in Create a Create a Decryption Policy with Outbound Connection Protection.