This article discusses how to manage the certificates required for performing TLS inspection.
TLS Inspection decrypts and inspects HTTPS traffic to identify and mitigate potential threats hidden within encrypted sessions. The Certificate Management page lets you manage the certificates used for performing TLS Inspection. You can view information about the certificates, configure private certificates, and activate a certificate to be used for TLS Inspection.
The Certificate Management table shows useful information for each certificate configured for your account. The table also lets you download a certificate in different formats, and activate a certificate. For more about activating certificates, see below Activating a Certificate.
This is the information shown for each certificate in the Certificate Management table:
-
Type - Shows whether the certificate is a Cato certificate or private certificate (including custom certificate or Certificate Signing Request (CSR)). For more about private certificates, see Securing Traffic with TLS Inspection Using Private Certificates
-
Creation Date - The start date of the validity period for the certificate
-
Expiration Date - The end date of the validity period for the certificate
-
Common Name - The name of the server protected by the certificate
-
Status - Shows if the certificate is the active certificate or is not activated
-
The Actions menu lets you download the certificate as PEM or DER, or activate the certificate
When you expand a row of a certificate, the following details are shown:
-
Certificate Hierarchy - Shows the chain of trust for the certificate
-
Certificate Fields - Details for the certificate, including:
-
General information including the certificate version, serial number, certificate signature algorithm, and issuer
-
Validity - The start and end dates of the validity period for the certificate
-
Fingerprints - The hashes of the certificate's public key
-
When you activate a certificate, that certificate is the one used by the TLS Inspection policy. Only one certificate can be activated at any given time, therefore when you activate a new certificate, all other certificates become inactive.
For information about configuring private certificates for use with Cato TLS Inspection, see Securing Traffic with TLS Inspection Using Private Certificates.
0 comments
Article is closed for comments.