SSL proxy on Stormshield/NETASQ UTM



I would like to know if it’s possible to get an intermediate public CA (with password) from LE in order to set it on my firewall. Because my UTM’s built-in self-signed CA is boring, I have to deploy it on each computer by GPO, guest computers are not reachable by my domain GPO, neither are iPhones, and there are so many cases that make a self-signed CA not useful.

So I really want to get a solution and use a public CA.

Is it possible? Am I the only one with this topology?

Thanks!


No, Let’s Encrypt does not give out intermediate certificates (and publicly-trusted CAs in general are not allowed to do so unless you submit to the auditing requirements of the CA/B Forum). See this topic for an in-depth discussion.

I’m not familiar with Stormshield, but if that’s some kind of MitM proxy that allows you to intercept and scan SSL traffic, you won’t be able to use any public CA for this purpose, as they’re not allowed to issue certificates to anyone but the domain owner. Internal/Private CAs are the way to go for that use-case.


