-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Various methods to distribute SonicWall DPI SSL certificate
06/12/2020 
37 People found this article helpful
477,461 Views
Description
Deep Packet Inspection of Secure Socket Layer (DPI-SSL) extends SonicWall's Deep Packet Inspection technology to the inspection of encrypted HTTPS traffic and other SSL-based traffic. The SSL traffic is decrypted (intercepted) transparently, scanned for threats, and then re-encrypted and, if no threats or vulnerabilities are found, sent along to its destination.
After performing DPI-SSL inspection, the appliance re-writes the certificate sent by the remote server and signs this newly generated certificate with the certificate specified in the Client DPI-SSL configuration. By default, this is the firewall certificate authority (CA) certificate, but a different certificate can be specified. Users should be instructed to add the certificate to their browser's trusted list to avoid certificate trust errors.
Resolution
TIP: It is always recommended to create your own DPI SSL Certificate For The Purpose Of DPI-SSL Certificate Resigning. You can refer to How Can I Create A DPI-SSL Certificate For The Purpose Of DPI-SSL Certificate Resigning? for the same.
- Manual installation of the certificate
The certificate can be manually added on the end machine at the following sections.
a) Windows Certificate Store
How Can I Import The SonicWall DPI-SSL CA Certificate Into The Windows Certificate Store?
b) Modern Browsers
How To Install The DPI-SSL Certificate In Modern Browsers
c) Mozilla Firefox
Internet Explorer, Chrome, Opera uses the Windows Certificate store to build trust. Mozilla Firefox uses its own certificate store and the CA certificate must be manually imported into the Firefox certificate store.
How Can I Manually Import The Client DPI-SSL CA Certificate Into Firefox? - Group Policy
Distributing The Default SonicWall DPI-SSL CA Certificate To Client Computers Using Group Policy
This can also be done specifically for browsers
How Can I Distribute SonicWall DPI-SSL CA Certificate To Web Browsers? - Capture Client Policy
How Do I Add A SSL Certificate In The Capture Client? - Specific OS based installations
a) MAC OS
How To Import The DPI-SSL Client Certificate Under MacOS
b) Ubuntu OS
How To Add DPI-SSL CA Certificate On Ubuntu OS?
For more details on DPI SSL, please check Where Can I Learn More About DPI-SSL?
Related Articles
- How to Block Google QUIC Protocol on SonicOSX 7.0?
- How to block certain Keywords on SonicOSX 7.0?
- How internal Interfaces can obtain Global IPv6 Addresses using DHCPv6 Prefix Delegation
Categories
- Firewalls > NSa Series > Client/Server DPI-SSL
- Firewalls > TZ Series > DPI-SSL
- Firewalls > SonicWall SuperMassive 9000 Series > DPI-SSL
- Firewalls > SonicWall SuperMassive E10000 Series > DPI-SSL
YES
NO