Initial SSL configuration tasks

For inbound (client to Content Gateway) traffic, perform these steps to prepare for supporting HTTPS traffic through Content Gateway:

  1. Create an internal root CA (certificate authority). To sign SSL traffic, Content Gateway requires an internal SSL certificate authority that is able to sign SSL certificates. This CA is used for traffic between the browser and Content Gateway. See Internal Root CA.
  2. Add this CA to the certificate tree. Servers, such as destination servers, check this tree to ensure that they can trust users because they have certificates from an authority listed here. The certificates listed in the certificate tree are the certificate authorities you empower (trust) to verify the validity of individual websites. Any site signed by a certificate authority in the certificate tree with the “allow” status is allowed through Content Gateway. See Managing certificates.
  3. Customize the pages that browser users will see. The pages that can be customized include a connect failure page and a certificate verification failure page. See Customizing SSL connection failure messages.
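
What "the ability to sign SSL certificates" in step 1 means at the certificate level, shown with the `openssl` command line as an added example (it is not from the Content Gateway documentation and is not how the product creates its CA). The CA name and hostname are constructed; the script builds one signer with `CA:TRUE` and one with `CA:FALSE` and shows that a server certificate issued by the second is rejected.

```shell
# Added example; the CN and hostname below are constructed values.
# make_signer DIR FLAG: self-signed signer with basicConstraints CA:FLAG (TRUE or FALSE).
make_signer() {
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3
[dn]
CN = Example Internal Root CA
[v3]
basicConstraints = critical, CA:$2
keyUsage = critical, keyCertSign, cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_leaf DIR HOST: sign a server certificate for HOST with DIR's signer.
issue_leaf() {
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > "$1/leaf.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 7 -extfile "$1/leaf.ext" -out "$1/leaf.crt" 2>/dev/null
}

# signer_is_ca DIR: check to run on a certificate before using it as a signing CA.
signer_is_ca() {
  openssl x509 -in "$1/ca.crt" -noout -text | grep -q 'CA:TRUE'
}

# leaf_trusted DIR: succeeds only if the leaf chains to a signer that is a valid CA.
leaf_trusted() {
  openssl verify -CAfile "$1/ca.crt" "$1/leaf.crt" >/dev/null 2>&1
}

demo() {
  work=$(mktemp -d)
  for flag in TRUE FALSE; do
    make_signer "$work/$flag" "$flag" && issue_leaf "$work/$flag" www.example.test
    if signer_is_ca "$work/$flag"; then ca=yes; else ca=no; fi
    if leaf_trusted "$work/$flag"; then leaf=trusted; else leaf=rejected; fi
    echo "basicConstraints CA:$flag -> signer_is_ca=$ca leaf=$leaf"
  done
  rm -rf "$work"
}
demo
```

Running `signer_is_ca` against an existing certificate is a quick pre-import check that it can act as a signing CA at all.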