SSL inspection & CA trust: how to distrust a preinstalled CA

Author
germafab
2017/08/17 01:19:36

SSL inspection & CA trust: how to distrust a preinstalled CA

Hi all,
 
Currently all CAs in the TrustedCA list are trusted when doing ssl handshake inspection. Now I would like to remove the trust for certain CAs like "WoSign" and/or others systemwide / for ssl inspection.
 
I'm running FOS 5.6.1 and can't seem to find any option to do this. How can this be done? 
 
Cheers,
germafab
#1
hmtay_FTNT
Re: SSL inspection & CA trust: how to distrust a preinstalled CA 2017/08/17 08:41:04 (Best Answer by germafab 2017/08/18 08:19:39)
Hello germafab,
 
This can only be done through the CLI. Here's how you do it:
 
config vpn certificate ca
    edit <name>       (e.g. edit WoSign)
        set trusted disable
    next
end
 
If you then check the Trusted CAs List, the certificates will not be there anymore. Hope this helps!
 
Homing
#2
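
One way to confirm the change took effect is to audit a saved copy of the CA section against the list of CAs you meant to distrust. This is an added example, not part of the original thread or Fortinet's own tooling. The sample text, the Example_* entry names, the function names, and the rule that an entry without a "set trusted" line counts as trusted are all assumptions.

```python
import re

# Constructed sample of the "config vpn certificate ca" section (not taken
# from the thread). Assumption: an entry with no "set trusted" line keeps
# the default, which this script treats as trusted.
SAMPLE_CONFIG = '''\
config vpn certificate ca
    edit "WoSign"
        set trusted disable
    next
    edit "Example_Root_CA"
    next
    edit "Example_Legacy_CA"
        set trusted enable
    next
end
'''

def parse_ca_trust(config_text):
    """Return {ca_name: is_trusted} for every entry in the CA section."""
    trust = {}
    in_section, current = False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config vpn certificate ca":
            in_section = True
        elif not in_section:
            continue                      # ignore other config sections
        elif line == "end":
            in_section = False
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            trust[current] = True         # assumed default: trusted
        elif line == "next":
            current = None
        elif current is not None:
            m = re.fullmatch(r"set trusted (enable|disable)", line)
            if m:
                trust[current] = (m.group(1) == "enable")
    return trust

def still_trusted(config_text, distrust_list):
    """CAs from distrust_list that are not explicitly disabled (or not found)."""
    trust = parse_ca_trust(config_text)
    return sorted(name for name in distrust_list if trust.get(name, True))

if __name__ == "__main__":
    print(still_trusted(SAMPLE_CONFIG, ["WoSign", "Example_Legacy_CA"]))
```

A name that does not appear in the section at all is reported as still trusted, so a typo in the CA name shows up as a finding instead of passing silently.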