Signing Certificate Parent topic

The client connects to the server through Deep Discovery Inspector when TLS traffic inspection is enabled. For the client to trust Deep Discovery Inspector, you must import a Signing Certificate.
To manage the signing certificate that Deep Discovery Inspector uses to decrypt TLS traffic, go to AdministrationMonitoring/ScanningTLS Traffic InspectionCertificate ManagementSigning Certificate.
Important
Important
The Deep Discovery Inspector back up and restore operations, and Deep Discovery Director configuration replication do not support signing certificate configuration.
You can do one of the following to configure the Signing Certificate.
  • Directly import the certificate downloaded from Deep Discovery Inspector
    1. Click Download Certificate to download the Deep Discovery Inspector self-generated certificate.
    2. Import the certificate on the client.
  • Use a Certificate Signing Request (CSR)
    1. Click Generate CSR to generate and download a Signing Certificate.
    2. Sign the CSR using the user's private key and certificate to generate a Signing Certificate.
    3. Click Import and Replace Certificate to import the Signing Certificate in to Deep Discovery Inspector.
    4. On the client, import the user's certificate that signed the CSR.
To remove, instead of replace, a private key and Signing Certificate, you must reset the appliance to the default settings. For details, see Restoring Default Settings .