Various methods to distribute SonicWall DPI SSL certificate
06/12/2020 37 People found this article helpful 477,461 Views
Description
Deep Packet Inspection of Secure Socket Layer (DPI-SSL) extends SonicWall's Deep Packet Inspection technology to the inspection of encrypted HTTPS traffic and other SSL-based traffic. The SSL traffic is decrypted (intercepted) transparently, scanned for threats, and then re-encrypted and, if no threats or vulnerabilities are found, sent along to its destination.
After performing DPI-SSL inspection, the appliance re-writes the certificate sent by the remote server and signs this newly generated certificate with the certificate specified in the Client DPI-SSL configuration. By default, this is the firewall certificate authority (CA) certificate, but a different certificate can be specified. Users should be instructed to add the certificate to their browser's trusted list to avoid certificate trust errors.
Resolution
TIP: It is always recommended to create your own DPI SSL Certificate For The Purpose Of DPI-SSL Certificate Resigning. You can refer to How Can I Create A DPI-SSL Certificate For The Purpose Of DPI-SSL Certificate Resigning? for the same.
- Manual installation of the certificate
The certificate can be manually added on the end machine at the following sections.
a) Windows Certificate Store
How Can I Import The SonicWall DPI-SSL CA Certificate Into The Windows Certificate Store?
b) Modern Browsers
How To Install The DPI-SSL Certificate In Modern Browsers
c) Mozilla Firefox
Internet Explorer, Chrome, Opera uses the Windows Certificate store to build trust. Mozilla Firefox uses its own certificate store and the CA certificate must be manually imported into the Firefox certificate store.
How Can I Manually Import The Client DPI-SSL CA Certificate Into Firefox?
- Group Policy
Distributing The Default SonicWall DPI-SSL CA Certificate To Client Computers Using Group Policy
This can also be done specifically for browsers
How Can I Distribute SonicWall DPI-SSL CA Certificate To Web Browsers?
- Capture Client Policy
How Do I Add A SSL Certificate In The Capture Client?
- Specific OS based installations
a) MAC OS
How To Import The DPI-SSL Client Certificate Under MacOS
b) Ubuntu OS
How To Add DPI-SSL CA Certificate On Ubuntu OS?
For more details on DPI SSL, please check Where Can I Learn More About DPI-SSL?
Related Articles
Categories
Was This Article Helpful?
YESNO