Skip to content

Certificate and Decryption for Proxy

In the previous section, we setup a HTTP plain text traffic and egressed to In this section we will setup a certificate and a decryption profile so that Valtix Gateway can inspect traffic going out on TLS to


Create/Import a certificate that will be used to sign the certificates from the external hosts and forwards to the clients. This certificate must be installed on all the app/client instances as a trusted root CA to avoid TLS certificate errors. For the tutorial purposes, we will generate a self-signed certificate. We will also ignore the TLS errors on the client machines.

Self-Signed Certificate

  1. Navigate to Manage -> Certificates
  2. Click Create
  3. Choose Generate (Self-signed) as the Method
  4. Click Generate
  5. Provide a Name (e.g egress-self-signed)
  6. Click Save

Decryption Profile

Once the certificate is created, create a decryption profile that uses this certificate

  1. Go to Manage -> Decryption
  2. Click Create
  3. Provide a name (e.g egress-tls-profile*)
  4. In the Method dropdown choose Select Existing
  5. In the certificate dropdown choose the certificate created above (e.g egress-self-signed)
  6. Click Save