Trusted CA Certificates

Views:

Deep Discovery Inspector behaves like a proxy on the behalf of the client to verify the server certificate when inspecting TLS traffic. For Deep Discovery Inspector to verify the server, you must import a Trusted CA Certificate. If you do not import a Trusted CA Certificate, Deep Discovery Inspector will not be trust the server and therefore will not connect to the server.

To manage trusted CA certificates, go to Administration → Monitoring/Scanning → TLS Traffic Inspection → Certificate Management → Trusted CA Certificates. You must have one valid trusted CA certificate for Deep Discovery Inspector to decrypt TLS traffic.

Deep Discovery Inspector only supports the following formats for trusted certificates:

PEM
DER
PKCS#7

Note

The Deep Discovery Inspector back up and restore operations, and Deep Discovery Director configuration replication do support trusted certificate configuration.

On the Trusted CA Certificates screen, you can do the following:

Action	Description
Add	Add a new certificate.
Delete	Delete the selected certificates.
Import	Import new certificates.
Export All	Export all of the certificates.
Refresh	Refresh the list of certificates.
Search subject	Search the list based on a certificate subject.