Internal Root CA
The internal Root CA dynamically generates all certificates used between the client browser and Content Gateway.
- You must have an internal Root CA to complete an inbound connection.
- Only one internal Root CA can be active at a time.
- The internal Root CA is stored in the SSL configuration database.Important:
The default internal Root CA that is included with Content Gateway is not unique and should not be used in a production environment.
Replace the default internal Root CA with your organization’s Root CA or create a new one.
There are three options for creating an internal Root CA:
- Leverage your organization’s existing CA and import it into Content Gateway. See Importing your Root CA.
- Create a new Root CA and make that CA available to browsers. See Creating a new Root CA.
- Create a subordinate CA that leverages an existing CA, but can also be revoked by that CA. See Creating a subordinate certificate authority.Important: Back up the existing internal Root CA before importing or creating a new one. This enables you to return to an earlier version, if necessary. See Backing up your internal Root CA for details.