Generate your own CA private key and self-signed certificate as an alternative to using a third-party CA. This is useful when enabling HTTPS decryption in IWSVA.
To create a private key and self-signed certificate:
1. Log on to the IWSVA server using the Command Line Interface (CLI).
2. Run the following command:
   openssl req -x509 -newkey rsa:1024 -keyout /tmp/root_key.pem -out /tmp/root_req.pem
   Alternatively, create a self-signed certificate signed with SHA-256, using a 2048-bit RSA key:
   openssl req -x509 -sha256 -newkey rsa:2048 -keyout /tmp/root_key.pem -out /tmp/root_req.pem
   This will create the following files:
   - /tmp/root_key.pem – contains the private key encrypted with the password you specified
   - /tmp/root_req.pem – contains the self-signed certificate
3. Copy the files from the IWSVA server to your local machine.
4. Open the IWSVA management console.
5. Go to HTTP > HTTPS Decryption > Settings > Certificate Authority.
6. In the Import CA section, go to the Certificate field and browse to the location of the root_req.pem file.
7. Go to the Private Key field and browse to the location of the root_key.pem file.
8. In the Passphrase and Confirm passphrase fields, enter the password that you specified in Step 2.
9. Click Import CA > OK.
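Before importing the pair in the console, it can be checked from a shell: the passphrase decrypts the key, the key belongs to the certificate, and the certificate is a CA certificate with an adequate key and hash. This is an added example, not part of the original article or of IWSVA; `check_ca_pair` and `make_sample` are hypothetical helper names, the sample pair is constructed in a temporary directory, and the 2048-bit and no-MD5/SHA-1 thresholds are assumptions.

```shell
# Added example; check_ca_pair and make_sample are hypothetical helper names.
# check_ca_pair CERT KEY PASSPHRASE -> returns 0 only if every check passes.
check_ca_pair() {
    cert=$1; key=$2; pass=$3; rc=0
    # The passphrase must decrypt the private key (passed via env, not argv).
    key_pub=$(CA_PASS=$pass openssl pkey -in "$key" -passin env:CA_PASS -pubout 2>/dev/null) || {
        echo "FAIL: passphrase does not decrypt $key"; return 1; }
    # The certificate must contain the public half of that same key.
    [ "$key_pub" = "$(openssl x509 -in "$cert" -noout -pubkey)" ] ||
        { echo "FAIL: certificate and private key do not match"; rc=1; }
    text=$(openssl x509 -in "$cert" -noout -text)
    # RSA modulus size: an rsa:1024 key is below the 2048-bit floor assumed here.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: ${bits:-unknown}-bit key, want >= 2048"; rc=1; }
    # Signature hash: reject MD5 and SHA-1.
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case $sig in
        md5*|sha1*) echo "FAIL: weak signature algorithm $sig"; rc=1 ;;
    esac
    # A certificate that signs other certificates needs basicConstraints CA:TRUE.
    printf '%s\n' "$text" | grep -q 'CA:TRUE' ||
        { echo "FAIL: basicConstraints CA:TRUE missing"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $sig, $bits-bit key, CA:TRUE"
    return "$rc"
}

# make_sample DIR BITS PASSPHRASE: constructed sample pair, generated
# non-interactively with its own minimal config so the result is predictable.
make_sample() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' 'prompt=no' \
        '[dn]' 'CN=Sample Root CA' '[v3]' 'basicConstraints=critical,CA:TRUE' > "$1/req.cnf"
    CA_PASS=$3 openssl req -x509 -sha256 -newkey "rsa:$2" -days 30 -config "$1/req.cnf" \
        -passout env:CA_PASS -keyout "$1/root_key.pem" -out "$1/root_req.pem" 2>/dev/null
}

# Demo on a constructed 2048-bit pair.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" 2048 'example-passphrase'
check_ca_pair "$demo_dir/root_req.pem" "$demo_dir/root_key.pem" 'example-passphrase'
rm -rf "$demo_dir"
```

A pair produced with the `rsa:1024` command fails the key-size check, and a key file copied from a different run fails the match check.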
For information on configuring HTTPS decryption, refer to the following IWSVA Administrator Guides: