Generate an internal CA for outbound protection

This task discusses how you can optionally generate an internal certificate authority when you create a decryption rule that protects outbound connections. You can also perform these tasks using Objects as discussed in Uploading a Signed Certificate Issued in Response to a CSR.

Before you begin

Make sure you understand the requirements for generating an internal certificate authority object as discussed in Internal Certificate Authority Objects.

Procedure

Step 1

From the Internal CA list, click Create New > Generate CA.

Step 2

Give the internal CA a Name and provide a two-letter Country Name.

Step 3

Click Self-Signed or CSR.

For more information about these options, see Internal Certificate Authority Objects.

Step 4

Enter the requested information in the provided fields.

Step 5

Click Save.

Step 6

If you chose CSR, after the signing request has been completed, click Install Certificate as follows:

  1. Repeat the preceding steps in this procedure.

  2. Edit the CA from the Internal CA list as follows.

    To install an internal CA from a certificate signing request, click Edit next to the name of the internal CA

  3. Click Install Certificate.

  4. Follow the prompts on your screen to complete the task.

Step 7

Continue creating the policy as discussed in Create a rule-based decryption policy with outbound connection protection.