The re-signing certificate replaces the original certificate signing authority only if that authority certificate is trusted by the firewall. If the authority is not trusted, then the certificate is self-signed. To avoid certificate errors, choose a certificate that is trusted by devices protected by DPI-SSL.
For information about requesting or creating a DPI SSL Certificate Authority (CA) certificate, refer to the Knowledge Base article, Gen 7: How can I create a DPI-SSL certificate for the purpose of DPI-SSL certificate resigning?
To select a re-signing certificate
Click Certificate.
Select the Certificate from the drop-down menu.
By the default, DPI-SSL uses the Default SonicWall DPI-SSL CA certificate to re-sign traffic that has been inspected.
If the certificate you want is not listed, you can import it from the DEVICE | Settings > Certificates. For more information, refer to Importing a Certificate Authority Certificate.
Click the Download link to download the selected certificate to the firewall.
To view available certificates, click System > Certificates link which displays the DEVICE | Settings > Certificates.