Deploying the built-in CA certificate

Procedure

1. Go to Zero Trust Secure Access → Secure Access Configuration → Internet Access Configuration and click the HTTPS Inspection tab.
2. Click the settings icon ().
   The Manage Default Certificate panel opens.
3. Click Download built-in certificate (provided by the Internet Access Service) for the type of gateway you are using.
   Default certificate name for each gateway type: cloud_gateway.cer, on-premises_gateway.cer
4. Deploy the desired CA certificate to the supported browsers on your users' devices.

   Note The following browser setting instructions were valid as of November 2022.

   Browser	Version	Setting
   Google Chrome™ Microsoft Edge™ (Chromium-based)	Newest and most recent previous version	Note This task uses Windows 10 as an example. Open the certificate file. Click Install Certificate. The Certificate Import Wizard opens. Click Next. Select Place all certificates in the following store and click Browse. Select Trusted Root Certification Authorities and click OK. Click Next, and then click Finish.
   Apple™ Safari™	Newest and most recent previous version	Locate the certificate file in Finder, and double-click it. The Keychain Access window appears. Locate and open the certificate. The Certificate window opens. Expand Trust, and then set When using this certificate to Always Trust. Close the window. A screen shows and prompts for a password. Type your password and click Update Settings.
   Mozilla® Firefox®	Newest and most recent previous version	Click the Open menu icon in the top-right corner of the browser, and then select Settings. Click the Privacy & Security tab. Under Certificates, click View Certificates and then select Authorities. Note You cannot import the certificate to both the server and authorities. If the certificate is already imported to the server, delete it. Click Import. Navigate to the download folder and select the certificate file. Select Trust this CA to identify websites and then click OK.