Internal Root CA

The internal Root CA dynamically generates all certificates used between the client browser and Content Gateway.

  • You must have an internal Root CA to complete an inbound connection.
  • Only one internal Root CA can be active at a time.
  • The internal Root CA is stored in the SSL configuration database.
    Important:

    The default internal Root CA that is included with Content Gateway is not unique and should not be used in a production environment.

    Replace the default internal Root CA with your organization’s Root CA or create a new one.

There are three options for creating an internal Root CA:

  • Leverage your organization’s existing CA and import it into Content Gateway. See Importing your Root CA.
  • Create a new Root CA and make that CA available to browsers. See Creating a new Root CA.
  • Create a subordinate CA that leverages an existing CA, but can also be revoked by that CA. See Creating a subordinate certificate authority.
    Important: Back up the existing internal Root CA before importing or creating a new one. This enables you to return to an earlier version, if necessary. See Backing up your internal Root CA for details.