I am deploying hybrid solution by having SWG virtual appliance (on premise) and WSS on the cloud. My understanding for the SWG virtual appliance will have the following certificates :-
1 for the system admin to access to the console using https and 1 will be used for the internet traffic.
I am deploying 10 SWG in different location. By default, the SWG will create a self signed certificate for each of the SWG. This means will I have 10 self signed certificate to be installed in all the browser to trust the SWG. (plus the WSS cloud certificate).
Note I will have a SMC will certificate install.
My questions are
1) Can I have the step on how to create a CSR and then sign by my private CA ?
2) Can I have only 1 main certificate to install in the SWG (for internet traffic. not for the system admin access to the console using https). This will allow me to install 1 certificate to all browser instead of 10 certificates). If yes, how do can I do it ?
You can create CSR on the proxy and then signed with your CA.
Go to Configuration-->SSL-->Keyring-->Create Give name and then click on generate CSR.
If you are satisfied with an answer, please click "Accept Solution"
Reefr this Kb article too.