Configuring Server-to-Certificate Pairings

Policy Configuration : DPI-SSL Overview

Configuring Server-to-Certificate Pairings

Server DPI-SSL inspection requires that you specify which certificate is used to sign traffic for each server that has DPI-SSL inspection done on its traffic. To configure a server-to-certificate pairing, complete the following steps:

1

Navigate to the DPI-SSL > Server SSL page and scroll down to the SSL Servers section.

NOTE: The SSL Servers section is available only at the unit level, not at the group level.

2

Click Add.

3

In the Address Object/Group pull-down menu, select the address object or group for the server or servers that you want to apply DPI-SSL inspection to.

4

In the SSL Certificate pull-down menu, select the certificate that is used to sign the traffic for the server. For more information on importing a new certificate to the appliance, see Selecting the Re-Signing Certificate Authority . For information on creating a certificate, see Creating PKCS-12 Formatted Certificate File .

5

Select Cleartext to enable SSL offloading. See SSL Offloading for more information.

6

Click Add.