I have a firewall product that claims to support IPS (Intrusion Prevention System) but they haven't provided a certificate for me to install locally. In my previous experience, I needed to download a self-signed certificate from the firewall to avoid certificate errors while browsing. I'm wondering how these companies are handling SSL traffic—are they using paid public certificates or only dealing with HTTP traffic?
2 Answers
You might want to think about creating your own certificate, either from your company's internal CA or getting a public one. Most likely, your internal CA is already trusted by the devices you're using, so you wouldn't even need a self-signed cert.
It sounds like they aren't doing SSL inspection, which is kind of a big deal. If there’s no cert being used, then IPS won’t work effectively on HTTPS traffic—you're probably just getting filtering for HTTP.
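One way to check from a client behind the firewall which case applies, as an added example that is not part of the original answers: it classifies the issuer of the certificate the client actually receives. The CA name `Example Corp Internal CA` and the sample certificates are constructed assumptions; substitute the name of the CA your firewall signs with.

```python
import socket
import ssl

def issuer_fields(peercert):
    """Flatten the nested 'issuer' tuple from SSLSocket.getpeercert() into a dict."""
    return {k: v for rdn in peercert.get("issuer", ()) for k, v in rdn}

def classify(peercert, verify_error, inspection_ca_names):
    """Classify what a client behind the firewall sees for one HTTPS site."""
    if verify_error is not None:
        # Chain does not validate against the local trust store: the
        # "certificate errors while browsing" case. Consistent with inspection
        # by a CA this client does not trust, but also with a broken site cert.
        return "untrusted-chain"
    issuer = issuer_fields(peercert)
    names = {issuer.get("commonName"), issuer.get("organizationName")}
    if names & set(inspection_ca_names):
        # Leaf was re-signed by the firewall's CA: HTTPS is being decrypted.
        return "inspection-ca"
    # Leaf chains to the site's own CA: the firewall is not decrypting this flow.
    return "origin-ca"

def probe(host, inspection_ca_names, port=443, timeout=5):
    """Handshake with the default trust store and classify the result."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert(), None, inspection_ca_names)
    except ssl.SSLCertVerificationError as exc:
        return classify({}, exc, inspection_ca_names)

# Constructed samples in the shape getpeercert() returns (not real certificates).
SEEN_DIRECT = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Public CA"),),
                          (("commonName", "Example Public CA R1"),))}
SEEN_INSPECTED = {"issuer": ((("organizationName", "Example Corp"),),
                             (("commonName", "Example Corp Internal CA"),))}
INSPECTION_CAS = ["Example Corp Internal CA"]  # assumed firewall CA name

if __name__ == "__main__":
    print(classify(SEEN_DIRECT, None, INSPECTION_CAS))
    print(classify(SEEN_INSPECTED, None, INSPECTION_CAS))
    # Live check from a machine behind the firewall:
    # print(probe("example.com", INSPECTION_CAS))
```

If every site returns `origin-ca`, the device is not decrypting HTTPS from that client, which matches the second answer's point that IPS then only sees the unencrypted parts of the traffic.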