Managing Authentication Certificates

You can manage the certificates that are used for authenticating administrators accessing the Web console and for Captive Portal authentication for users who want to access web resources.
NOTICE
After you save the configuration performed in this procedure, the Web console and Captive Portal restart. After several seconds, log on to the Web console again manually. Because the certificate has changed, the browser might not log the user on to the Web console automatically.
The recommendation is to perform this operation during non-work time.

Procedure

  1. Go to Administration > System Settings > Authentication Cert.
  2. Under Assign certificate, select one of the following options. The certificate is used to sign an endpoint certificate for the administrative Web console or Captive Portal.
    • Assign by importing certificate
      To import a certificate manually.
    • Assign by HTTPS policy
      To use the CA certificate from a specified HTTPS Inspection policy.
    Important
    Before you select Assign by HTTPS policy and change the authentication certificate, ensure that the CA certificate of the selected HTTPS Inspection policy is installed on client machines. This allows clients and browsers to build a complete certificate chain and avoids authentication failures.
  3. Perform the appropriate steps, depending on the method of certificate assignment.
    Method: Assign by importing certificate
    1. Select the Import type:
      • PEM/DER
        The certificate file is in PEM or DER file format.
      • PKCS7
        The certificate file is in P7B or PKCS#7 file format.
      • PKCS12
        The certificate file is in PFX or PKCS#12 file format.
    2. In Certificate, browse and choose the certificate file.
    3. For the PEM/DER and PKCS7 formats: In Private key, browse and choose the private key file for the certificate file.
    4. Enter the password of the private key and then confirm it.
    5. Click Verify Certificate to verify that the certificate is valid.
    Method: Assign by HTTPS policy
    1. In Assign from HTTPS policies, select the HTTPS Inspection policy whose CA certificate will be used to sign the endpoint certificate for accessing the Web console and for authentication.
    2. Verify that the correct HTTPS Inspection policy is selected.
    Note
    When the CA certificate from an HTTPS Inspection policy is used to sign an endpoint certificate, the endpoint certificate has the following properties:
    • CommonName = host name of Deep Discovery Web Inspector appliance
    • Signature algorithm: sha256RSA
    • Subject Alternative Name: DNS Name = host name of Deep Discovery Web Inspector appliance
  4. Click Save.
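
The following script is an added example, not part of the product documentation. It checks a PEM certificate, for instance the one the Web console presents after the restart, exported from the browser, against the three properties listed in the Note. It assumes OpenSSL 1.1.1 or later; the function names and the host name ddwi.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a PEM certificate against the endpoint-certificate
# properties listed in the Note. Assumes OpenSSL 1.1.1 or later on PATH.

# Print the subject commonName of the certificate in file $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Print the signature algorithm. OpenSSL names it sha256WithRSAEncryption;
# Windows certificate dialogs show the same algorithm as sha256RSA.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Succeed if the Subject Alternative Name extension lists DNS:$2.
cert_has_san_dns() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -Fqx "DNS:$2"
}

# Return 0 only when all three properties match host name $2.
check_endpoint_cert() {
    rc=0
    [ "$(cert_cn "$1")" = "$2" ] || { echo "CN is not $2" >&2; rc=1; }
    [ "$(cert_sigalg "$1")" = "sha256WithRSAEncryption" ] ||
        { echo "signature algorithm is not SHA-256 with RSA" >&2; rc=1; }
    cert_has_san_dns "$1" "$2" || { echo "SAN lacks DNS:$2" >&2; rc=1; }
    return $rc
}

# Constructed sample: self-signed certificate for host $1 signed with
# digest $2, written to $3 (key to $3.key), for trying the checks offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -"$2" -days 1 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$3.key" -out "$3" 2>/dev/null
}

# Usage: sh check_cert.sh cert.pem appliance.host.name
if [ "$#" -eq 2 ]; then check_endpoint_cert "$1" "$2"; fi
```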