Selecting the Re-Signing Certificate Authority

The re-signing certificate replaces the original certificate signing authority only if that authority certificate is trusted by the firewall. If the authority is not trusted, then the certificate is self-signed. To avoid certificate errors, choose a certificate that is trusted by devices protected by DPI-SSL.

For information about requesting or creating a DPI SSL Certificate Authority (CA) certificate, refer to the Knowledge Base article, Gen 7: How can I create a DPI-SSL certificate for the purpose of DPI-SSL certificate resigning?

To select a re-signing certificate

1. Navigate to the POLICY | DPI-SSL > Client SSL.

2. Click Certificate.

   

3. Select the Certificate from the drop-down menu.

   By the default, DPI-SSL uses the Default SonicWall DPI-SSL CA certificate to re-sign traffic that has been inspected.

   If the certificate you want is not listed, you can import it from the DEVICE | Settings > Certificates. For more information, refer to Importing a Certificate Authority Certificate.

4. Click the Download link to download the selected certificate to the firewall.

   To view available certificates, click System > Certificates link which displays the DEVICE | Settings > Certificates.

5. Click Accept.
6. Add trust to the browser according to Adding Trust to the Browser.