I have an internal Windows CA that we would like to use for SSL/HTTPS decryption within PRSM. I have attempted to export/import all of the different methods I can think of, but I can't seem to get a combination that works with PRSM.
Does anyone have any input, or an article that details the steps for doing so? I've used OpenSSL before for similar things, but for some reason it seems like PRSM is a bit more fussy.
Do I understand the question is how to issue PRSM a certificate using your internal Windows CA (who is a trusted root CA for your users) so that it can apply a decryption policy for SSL traffic without the users having to accept / import any new certificates into their trusted certificate store?
If so, are you following the process documented here?
Thanks for the reply, I've been on vacation for 10 days and just getting back to this now.
You are correct, that's exactly what I am trying to do. I did find that document, but I am having a hard time getting the format correct for the import to work. Should I be creating a certificate within IIS, and then exporting it with the private key and importing it into PRSM?
"If you request a new certificate from a CA, ensure that you request a certificate that is itself a Certificate Authority. In other words, you need to have a certificate that is enabled for issuing additional “child” certificates."
I'm not sure how to do this, as I've never had to do so.
I believe, to put it in Microsoft's terms, that they want you to issue the CX a certificate using the "subordinate CA" template available in Microsoft's Active Directory Certificate Services (link to TechNet reference).
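A pre-import check for the requirement quoted above (the certificate must itself be a CA) and for the key export question, as an added example that is not part of the thread or of Cisco's documentation. The function names and file names are hypothetical, the sample certificates are constructed throwaways, and nothing here talks to PRSM.

```shell
# Succeeds only if the cert can sign child certificates: basicConstraints CA:TRUE
# plus keyUsage "Certificate Sign". Strict: a cert with no keyUsage is rejected too.
is_signing_ca() {
  ca_text=$(openssl x509 -in "$1" -noout -text) || return 2
  printf '%s\n' "$ca_text" | grep -q 'CA:TRUE' &&
    printf '%s\n' "$ca_text" | grep -q 'Certificate Sign'
}

# Succeeds only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
  pub_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  pub_key=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$pub_cert" = "$pub_key" ]
}

# Constructed sample input: one CA-capable cert and one ordinary server cert.
make_samples() {
  cat >"$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed-example
[v3_subca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
EOF
  for n in subca server; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/openssl.cnf" \
      -extensions "v3_$n" -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null
  done
}

workdir=$(mktemp -d)
make_samples "$workdir"
for n in subca server; do
  if is_signing_ca "$workdir/$n.pem" &&
     key_matches_cert "$workdir/$n.pem" "$workdir/$n.key"; then
    echo "$n: CA-capable and private key matches"
  else
    echo "$n: not usable for issuing child certificates"
  fi
done
```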