Create a non-Akamai certificate
An intermediate certificate authority (CA)
certificate is required for ETP Proxy to decrypt TLS and act as a trusted
man-in-the-middle for content inspection. In the following procedure, you generate this
certificate.
These steps describe how you create the intermediate certificate if your organization already has a public key infrastructure (PKI) and maintains an internal CA root certificate. This process involves an administrator downloading a certificate signing request (CSR), signing the CSR with the internal CA, and uploading the signed certificate to ETP.
If your company does not have a PKI in place, you can generate a public certificate that is signed by Akamai and distribute it to network devices. For more information, see Create an Akamai certificate.
You must be an ETP super administrator to perform this procedure.
Note: If you use pip and your
organization has enabled ETP Proxy, make sure you also add the ETP Proxy TLS
man-in-the-middle (MITM) certificate to the pip configuration file. In the pip.conf
file, add this entry:
[global]
cert = /path/certificate.pem
where:- path is the path to the certificate
- certificate is the name of the certificate
How to
- Generate a certificate signing request
- Sign the request with your CA. If you are using OpenSSL or Microsoft Certificate Services to issue and manage certificates, see the corresponding procedure:
- Upload and deploy signed certificate to ETP