Ruijie Community

Title: How to enable SSL inspection for HTTPS website [Print this page]

Author: Oscar    Time: 2018-9-10 11:19
Title: How to enable SSL inspection for HTTPS website
This recipe shows how to enable SSL insepction for webfiler on HTTPS website and how to import custom certification for SSL inspection.

Step 1: Create your SSL/SSH inspection profile.


Step 2: Modify web fiter profile. Select proxy inspection mode and enable "Scan Encrypted Connections"


Step 3: Bind the webfilter profile and SSL/SSH inspection profile on policy setting.


Step 4: Verification

Notes: By default, SSL/SSH inspection will use Ruijie built-in certificate, the browser will show untrust while access HTTPS website. In order to solve this, it's requested to get this certificate signed by an enterprise root Certificate Authority (CA) and import to firewall. Here are the procedures for importing certification.

Optional
Step 5: Generating a certificatesigning request (CSR)
Go to System > Certificates >Local Certificates and select Generate. In the Generate Certificate SigningRequest page, fill out the requiredfields. You can enter a maximum offive Organization Units.You may enter Subject AlternativeNames for which the certificate isvalid. Separate the names usingcommas


Notes: This CSR will need to be submitted and signed by an enterprise rootCA before it can be used. When submitting the file, ensure that the template for a Subordinate Certification Authority is used.

Step 6: Import a signed servercertificate from an enterpriseroot CA
Once the CSR is signed by anenterprise root CA, you can import itinto the RG-WALL unit.Go to System > Certificates >Local Certificates and click Import.From the Type drop down menu select Local Certificate and click Choose File. The CA signed certificate will now appear on the Local Certificates list.

Step 7: Choose your own certificate on SSL/SSH inspection profile.






Welcome to Ruijie Community (https://community.ruijienetworks.com/) Powered by Discuz! X3.2