Create a non-Akamai certificate

An intermediate certificate authority (CA) certificate is required for ETP Proxy to decrypt TLS and act as a trusted man-in-the-middle for content inspection. In the following procedure, you generate this certificate.

These steps describe how you create the intermediate certificate if your organization already has a public key infrastructure (PKI) and maintains an internal CA root certificate. This process involves an administrator downloading a certificate signing request (CSR), signing the CSR with the internal CA, and uploading the signed certificate to ETP.

If your company does not have a PKI in place, you can generate a public certificate that is signed by Akamai and distribute it to network devices. For more information, see Create an Akamai certificate.

You must be an ETP super administrator to perform this procedure.

Note: If you use pip and your organization has enabled ETP Proxy, make sure you also add the ETP Proxy TLS man-in-the-middle (MITM) certificate to the pip configuration file. In the pip.conf file, add this entry:
[global]
cert = /path/certificate.pem
where:
  • path is the path to the certificate
  • certificate is the name of the certificate

How to

  1. Generate a certificate signing request
  2. Sign the request with your CA. If you are using OpenSSL or Microsoft Certificate Services to issue and manage certificates, see the corresponding procedure:
  3. Upload and deploy signed certificate to ETP