Certificate Authority

HTTP > HTTPS Decryption> Settings | Certificate Authority

By default, IWSVA acts as a private Certificate Authority (CA) and dynamically generates digital certificates that are sent to client browsers to complete a secure passage for HTTPS connections. However, the default CA is not signed by a well-known (trusted) CA on the Internet. Client browsers always display a certificate warning every time users access an HTTPS Web site. Although users can safely ignore the certificate warning, Trend Micro recommends using a signed root certificate for IWSVA.

Import CA

Use this section to import a CA certificate to IWSVA. Before you start, you should already have a certificate from a well-known CA.

• - IWSVA supports certificates using only Base64-encoded certificate and RSA-based encrypted private key in PEM file format only.
  
  - To stop a certificate warning screen from being displayed on users computers when accessing a secured Web site, set the certificate as a trusted certificate for all users.
  
  - Also, add the relative certificates to the Trusted Root Certificate Authorities list in the appropriate web browser. For IE, go to Tools > Internet Options > Content (tab) > Certificates (button) > Trusted Root Certification Authorities (tab) > Import (button).

• Certificate—Click Browse to select a certificate file.

• Private Key—Click Browse to locate the private key associated with the CA certificate. The private key is provided together with your certificate from the well-known CA.

• Passphrase—Type the passphrase if you provided this information when applying for the CA certificate.

• Confirm passphrase—Type the passphrase again.

After you have specified the information, click Import CA.  

Export CA

Use this section to export and back up the CA certificate and the associated private key.

• Certificate—Click Export Public CA Key to export the certificate.  

• Private Key—Click Export Private CA Key to export the associated private key.