Managing certificates for intercepting SSL connections

To decrypt SSL connections, you must add one or multiple certificates and then assign the active status to one of the added certificates. The other certificates will be displayed with the Inactive status. You can assign the active status to a different certificate at any time.

You can use the following types of certificates:

• Self-signed certificate.
• CSR-based certificate.
• PFX-based certificate.

Comparative characteristics of certificate types supported in the application are presented in the table below.

Comparative characteristics of supported certificate types

Characteristic	Self-signed	CSR-based	PFX-based
Requirement to use your own Certification Authority	No	Yes	Yes
Requirement to distribute the certificate to corporate LAN computers	Yes	No Applicable when one of the following conditions is fulfilled: The certificate was generated by your own Certification Authority included in the domain. The certificate was acquired from an authorized Certification Authority.	No
Storage of the private certificate key outside of a cluster	No	No	Yes
Capability to manually configure the certificate settings	Only specific fields can be filled.	Only specific fields can be filled.	Yes

In this section: Adding a self-signed certificate Adding a CSR-based certificate Adding a PFX-based certificate Viewing certificate information Assigning the active status to a certificate Downloading a certificate Deleting a certificate Importing a certificate to users' computers

Page top