New Member

Windows Internal CA and PRSM

Hello,

I have an internal Windows CA that we would like to use for SSL/HTTPS decryption within PRSM. I have attempted to export/import all of the different methods I can think of, but I can't seem to get a combination that works with PRSM.

Does anyone have any input, or an article that details the steps for doing so? I've used OpenSSL before for similar things, but for some reason it seems like PRSM is a bit more fussy.

Thanks in advance.

Mark

4 REPLIES
Hall of Fame Super Silver

Do I understand the question is how to issue PRSM a certificate using your internal Windows CA (who is a trusted root CA for your users) so that it can apply a decryption policy for SSL traffic without the users having to accept / import any new certificates into their trusted certificate store?

If so, are you following the process documented here?

New Member

Hi Marvin,

Thanks for the reply, I've been on vacation for 10 days and am just getting back to this now.

You are correct, that's exactly what I am trying to do. I did find that document, but I am having a hard time getting the format correct for the import to work. Should I be creating a certificate within IIS, and then exporting it with the private key and importing it into PRSM?

Thanks,

Mark

New Member

The thing that confuses me is this line:

"If you request a new certificate from a CA, ensure that you request a certificate that is itself a Certificate Authority. In other words, you need to have a certificate that is enabled for issuing additional “child” certificates."

I'm not sure how to do this, as I've never had to do so.

Thanks,

Mark

Hall of Fame Super Silver

I believe, to put it in Microsoft's terms, that they want you to issue the CX a certificate using the "subordinate CA" template available on Microsoft's Active Directory Certificate Services' terminology (link to Technet reference).

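An added example, not part of the thread: what separates a web-server style certificate (such as one requested through IIS) from one issued off a subordinate CA template is the basicConstraints `CA:TRUE` flag and the Certificate Sign key usage, and both can be checked with OpenSSL before attempting the import. The script assumes the `openssl` CLI is installed; the lab PKI, its names, and the `is_issuing_ca` and `build_lab_pki` helpers are constructed for illustration.

```shell
#!/bin/sh
# Added example. The lab PKI below is constructed (made-up names, throwaway keys).
set -e

# Exit 0 only if PEM certificate $1 can issue child certificates:
# basicConstraints CA:TRUE and, when keyUsage is present, Certificate Sign.
# Exit 1 if it is not a CA, 2 if the file cannot be parsed as a certificate.
is_issuing_ca() {
  cert_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
  printf '%s\n' "$cert_text" | grep -q 'CA:TRUE' || return 1
  if printf '%s\n' "$cert_text" | grep -q 'X509v3 Key Usage'; then
    printf '%s\n' "$cert_text" | grep -q 'Certificate Sign' || return 1
  fi
  return 0
}

# Build a root, a subordinate CA and a web-server certificate in directory $1.
build_lab_pki() {
  pki=$1
  cat > "$pki/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[root_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[sub_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$pki/lab.cnf" -extensions root_ca \
    -subj "/CN=Lab Root CA" -days 7 -keyout "$pki/root_ca.key" -out "$pki/root_ca.pem" 2>/dev/null
  for role in sub_ca server; do
    openssl req -new -newkey rsa:2048 -nodes -config "$pki/lab.cnf" -subj "/CN=lab-$role" \
      -keyout "$pki/$role.key" -out "$pki/$role.csr" 2>/dev/null
    openssl x509 -req -in "$pki/$role.csr" -CA "$pki/root_ca.pem" -CAkey "$pki/root_ca.key" \
      -CAcreateserial -extfile "$pki/lab.cnf" -extensions "$role" -days 7 \
      -out "$pki/$role.pem" 2>/dev/null
  done
}

lab=$(mktemp -d)
build_lab_pki "$lab"
for name in root_ca sub_ca server; do
  if is_issuing_ca "$lab/$name.pem"; then echo "$name: CA-enabled"
  else echo "$name: not a CA, cannot issue child certificates"; fi
done
```

To check a certificate exported from the Windows CA, convert it to PEM and pass its path to `is_issuing_ca`.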