Internal Root CA

The internal Root CA dynamically generates all certificates used between the client browser and Content Gateway.

• You must have an internal Root CA to complete an inbound connection.
• Only one internal Root CA can be active at a time.
• The internal Root CA is stored in the SSL configuration database.
  Important:

  The default internal Root CA that is included with Content Gateway is not unique and should not be used in a production environment.

  Replace the default internal Root CA with your organization’s Root CA or create a new one.

There are three options for creating an internal Root CA:

• Leverage your organization’s existing CA and import it into Content Gateway. See Importing your Root CA.
• Create a new Root CA and make that CA available to browsers. See Creating a new Root CA.
• Create a subordinate CA that leverages an existing CA, but can also be revoked by that CA. See Creating a subordinate certificate authority.
  Important: Back up the existing internal Root CA before importing or creating a new one. This enables you to return to an earlier version, if necessary. See Backing up your internal Root CA for details.